Score:0

Allow IPs overriding deny rule

If one blocks IPs using a deny rule, e.g.

deny 123.124.2.0/24;

Is it possible to then allow certain IPs in that range/CIDR block?

I would like to block all AWS (Amazon) IPs, but there are a small number of IPs I need to allow from the AWS ranges.

Score:1
Rob

According to the Nginx manual http://nginx.org/en/docs/http/ngx_http_access_module.html

The rules are checked in sequence until the first match is found.

So placing your allow/deny rules in the correct order will allow you to exclude a specific IP address from the policy of a specific subnet.

allow 123.124.2.13;
deny  123.124.2.0/24;

has the effect: all IPs from that subnet except 123.124.2.13 are denied.
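
A way to check rule order before reloading, as an added example that is not part of the original answer or of nginx itself: this Python sketch replays the first-match evaluation over an ordered list of allow/deny lines and reports exceptions that can never fire because an earlier, broader rule already covers them. The function names and the two sample rule sets are constructed for illustration; it handles only address, CIDR and `all` parameters.

```python
import ipaddress

# Constructed samples using the addresses from the question and answer.
GOOD_ORDER = """
allow 123.124.2.13;
deny  123.124.2.0/24;
"""
BAD_ORDER = """
deny  123.124.2.0/24;
allow 123.124.2.13;
"""

def parse_rules(conf_text):
    """Return the ordered [(action, network)] list from allow/deny lines."""
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            continue
        if parts[1] == "unix:":
            continue  # UNIX-socket rules are outside this sketch
        # "all" is collapsed to IPv4 here because the samples are IPv4 only.
        target = "0.0.0.0/0" if parts[1] == "all" else parts[1]
        rules.append((parts[0], ipaddress.ip_network(target, strict=False)))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; if nothing matches, access is allowed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if addr in net:
            return action
    return "allow"

def shadowed(rules):
    """List rules that are unreachable because an earlier rule covers them."""
    dead = []
    for i, (action, net) in enumerate(rules):
        for prev_action, prev_net in rules[:i]:
            if net.version == prev_net.version and net.subnet_of(prev_net):
                dead.append((action, str(net), prev_action, str(prev_net)))
                break
    return dead

if __name__ == "__main__":
    for name, text in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        rules = parse_rules(text)
        print(name, decide(rules, "123.124.2.13"), shadowed(rules))
```

With a long list of provider ranges, running `shadowed()` over the combined rules shows any allow exception that was placed after the deny covering it.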
