Blocking an IP via nginx or firewall?

Which would the best way to block an ip? I noticed a “blockip” in the nginx setup but started to wonder if i should let nginx handle blocking ips or should i add it to the firewall deny list?


It depends,

I would suggest to use firewall for blocking an particular ip, blocking with nginx will block ip for http/https port.

i see, firewall it is :slight_smile:

I had written a small php script that appended the deny line to an included block.conf file …/webroot (in the same folder as wp-config.php outside of the web root)

// check for IP and make sure not to use the proxy IP
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];  // IP when through a proxy i.e. cloudflare
} else {
        $ip = $_SERVER['REMOTE_ADDR'];

// set $hack = true if your condition is met

if ($hack) {
    $fh = fopen('/var/www/', 'a');
    fwrite($fh, 'deny '. $ip .'; #'. date('Y-m-d H:i:s') .' hack attack attempt detected'. "\r\n");
    header('Location:'); // send to nice video

output appended during attempt:

deny; #2015-03-17 Brute force hack attempt

I couldn’t trigger nginx to reload from the php script even with exec, I tried iwatch and others to monitor the file for changes then reload, but left with a cron job, so I just set an interval on a cron job to reload the nginx config file. The cron job ran this.

#! /bin/bash
/usr/sbin/nginx -s reload

It works really well in blocking uses who trigger this script.

Hi @FalconX1

It’s been a long time, and we haven’t heard from you. It looks like your issue is resolved.

I am closing this support topic for now. Feel free to create a new support topic if you have any queries further. :slight_smile: