An nginx module for using netfilter ipsets as a black/white list. In comparison to standard nginx access module this allows for dynamic list updating, without nginx reload/restart.
-
Get youself a linux server with root access
-
Get nginx source code, unpack etc.
-
Install libipset, libssl-dev, pcre and other nginx requirements
-
Configure nginx with this module:
./configure --add-module=/path/to/ngx_http_ipset_access
-
Compile, install
-
Create yout ipset and add some ‘offending’ ips to it:
sudo ipset -N myblacklist iphash sudo ipset -A myblacklist 127.0.0.1
-
Start nginx
-
Profit!
Alternatively, you can compile a dynamic module for nginx with:
./configure --add-dynamic-module=/path/to/ngx_http_ipset_access --with-compat
After compilation, locate ‘objs/ngx_http_ipset_access.so`.
To load the compiled module into nginx, add the following at the top of nginx.conf:
load_module /path/to/ngx_http_ipset_access.so;