Allow IPs overriding deny rule

gl flag

If one blocks IPs using a deny rule, e.g.


Is it possible to then allow certain IPs in that range/CIDR block?

I would like to block all AWS (Amazon) IPs, but there are a small number of IPs I need to allow from the AWS ranges.

us flag

According to the Nginx manual

The rules are checked in sequence until the first match is found.

So placing your allow/deny rules in the correct order will allow you to exclude specific IP-address from the policy of a specific subnet.


has the effect: all IP's from that subnet except are denied.


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.