Blocking an IP via nginx or firewall?


#1

Which would be the best way to block an IP? I noticed a “blockip” in the nginx setup but started to wonder if I should let nginx handle blocking IPs or should I add it to the firewall deny list?


#2

@FalconX1

It depends.

I would suggest using the firewall for blocking a particular IP; blocking with nginx will block the IP for the http/https port.


#3

I see, firewall it is :slight_smile:


#4

I had written a small PHP script that appended the deny line to an included block.conf file …/webroot (in the same folder as wp-config.php outside of the web root)

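// check for IP and make sure not to use the proxy IP
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // IP when through a proxy i.e. cloudflare; the header can hold a
        // comma-separated list, so take the first entry
        $ip = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0]);
} else {
        $ip = $_SERVER['REMOTE_ADDR'];
}

// X-Forwarded-For is client-supplied text: only a syntactically valid IP
// may be written into the nginx config, otherwise fall back to REMOTE_ADDR
if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = $_SERVER['REMOTE_ADDR'];
}

$hack = false; // set $hack = true if your condition is met

if ($hack) {
    $fh = fopen('/var/www/example.com/block.conf', 'a');
    if ($fh !== false) {
        // one directive per line, Unix line ending
        fwrite($fh, 'deny '. $ip .'; #'. date('Y-m-d H:i:s') .' hack attack attempt detected'. "\n");
        fclose($fh);
    }
    header('Location: https://www.youtube.com/watch?v=t3otBjVZzT0'); // send to nice video
    exit;
}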

output appended during attempt:

deny xxx.xxx.xxx.xxx; #2015-03-17 Brute force hack attempt

I couldn’t trigger nginx to reload from the PHP script even with exec. I tried iwatch and others to monitor the file for changes and then reload, but was left with a cron job, so I just set an interval on a cron job to reload the nginx config file. The cron job ran this.

#! /bin/bash
/usr/sbin/nginx -s reload

It works really well in blocking users who trigger this script.
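
Added example, not part of the post above and not the poster's code: a POSIX shell version of the cron job that vets the appended deny lines and runs `nginx -t` before reloading, so a malformed line cannot break or alter the server config. It assumes the PHP script appends to a staging file while nginx includes a separate live file; the function names, the `NGINX` override variable and both paths are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's code. Assumed layout: PHP appends to a staging
# file; nginx includes a separate live file that only this cron job writes.
NGINX=${NGINX:-/usr/sbin/nginx}
V4='([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?'
V6='[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*(/[0-9]{1,3})?'
# Exactly one "deny <address>;" plus an optional comment. "deny all" and a
# second directive on the line are refused. Shape check only: nginx -t below
# still rejects out-of-range addresses.
DENY_RE="^deny[[:space:]]+($V4|$V6);[[:space:]]*(#.*)?\$"

is_valid_deny_line() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Eq "$DENY_RE"
}

# Copy well-formed lines from $1 to $2; print how many lines were rejected.
filter_block_conf() (
    clean=$(mktemp) || exit 1
    # Drop carriage returns (CRLF line endings) and blank lines.
    tr -d '\r' < "$1" | grep -v '^[[:space:]]*$' > "$clean" || true
    grep -E "$DENY_RE" "$clean" > "$2" || true
    grep -Evc "$DENY_RE" "$clean" || true
    rm -f "$clean"
)

# Publish the vetted list; reload only if it changed and nginx -t accepts it.
publish_and_reload() (
    staging=$1 live=$2
    [ -f "$live" ] || : > "$live"
    new=$(mktemp) || exit 1
    rejected=$(filter_block_conf "$staging" "$new")
    [ "$rejected" -eq 0 ] || echo "dropped $rejected malformed line(s)" >&2
    if cmp -s "$new" "$live"; then rm -f "$new"; exit 0; fi
    cp -p "$live" "$live.prev"
    cat "$new" > "$live"; rm -f "$new"
    if "$NGINX" -t -q; then
        "$NGINX" -s reload
    else
        cat "$live.prev" > "$live"   # roll back so the next reload still works
        exit 1
    fi
)

# Cron usage (hypothetical script name): vet-blocklist.sh STAGING LIVE
if [ "$#" -eq 2 ]; then publish_and_reload "$1" "$2"; fi
```

Run from cron with the staging and live paths as the two arguments; rejected lines are counted on stderr so the cron mail shows when the PHP script wrote something unexpected.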


#5

Hi @FalconX1

It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any further queries. :slight_smile:

