Access control

Access control restrictions are essential to day-to-day operation. Nginx includes a group of modules that let you allow or deny access depending on various conditions. Nginx denies access to a resource by returning a 403 (Forbidden HTTP) status or 401 (Unauthorized) if accessing the resource requires authentication. This 403 (Forbidden) status code can be intercepted and customized using the error_page directive.

Restricting access by IP address

Nginx allows you to permit or deny access to a virtual host or a location by IP address. For that, you can use the directives allow and deny. They have the following format:

allow <IP address> | <IP address>/<prefix size> | all;
deny <IP address> | <IP address>/<prefix size> | all;

Specifying ...

Get Nginx Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.