How to bypass nginx proxy a list of IPS

Question

I have an Nginx config with the redirect to holding pages:

    location / {
        ...
        if ($setholdingpage = 'True') {
        rewrite (^.*$) /holding-page last;
        }
           proxy_pass $backend;
    }

Also, I have a list of IPs that should be whitelisted and not redirected to holding pages. How it's possible to do?

score 2 · Accepted Answer · answered Apr 08 '21 at 20:51

2

You can use the Nginx geo module to create a variable based upon client IP address, you can specify individual IP addresses or CIDR ranges:

geo $bypassip {
  default 0;

  64.233.160.0/19 1;
  66.102.0.0/20 1;
}

Then override your variable if the IP matches one in your list:

if ($bypassip = 1){
  set $setholdingpage False;
}

I use a similar setup to block certain geographic regions but still allow Google crawlers to access my site.

answered Apr 08 '21 at 20:51

miknik

5,748
1
10
26

Thanks a lot for your help. I used this approach and it works! – fireman777 Apr 09 '21 at 12:18

score 0 · Answer 2 · answered Apr 08 '21 at 12:45

You can make use of the allow deny directives.

If I get you correct the whitelist will be your $setholdingpage variable in some sort?

try this

server {

error_page 403=@holding;

location / {
  allow 127.0.0.1;
  allow 192.168.1.0/24;
  deny all;

  proxy_pass http://backend;

}

location /@holding {
  root /path/to/your/holding/html;
  index holdingv1.html;
}

}

This will send the non-whitelisted IPs to the error-page you specified. The error_page can be in the location as well.

Not tested but this should do the trick.

References: http://nginx.org/en/docs/http/ngx_http_access_module.html#allow

Thanks for the help. Possibly, this is a good approach, but I used "geo" and this approach works. — fireman777, Apr 09 '21 at 12:19

How to bypass nginx proxy a list of IPS

2 Answers2