Blocking IP Addresses in Dokku Using Nginx

The Problem

A website I ran was experiencing issues with unwanted traffic from specific IP addresses that were attempting to access non-existent URL paths. This activity resulted in numerous 404 errors and spamming of my server. To mitigate this, I needed a solution to block these IP addresses effectively. My application is deployed using Dokku, which utilizes Nginx to route requests.

The Solution

You can configure Dokku to add rules to Nginx that will deny access to specific IP addresses. Dokku loads any Nginx configuration files stored in the /home/dokku/$APPNAME/nginx.conf.d/ directory (replace $APPNAME with your application name).

Step 1: Create the Configuration Directory

First, ensure that the directory exists by running the following command on your server:

mkdir -p /home/dokku/$APPNAME/nginx.conf.d/

Step 2: Create the IP Block Configuration File

Next, create a configuration file where you can define the IP addresses to block. You can name this file blockips.conf and edit it using nano:

nano /home/dokku/$APPNAME/nginx.conf.d/blockips.conf

Step 3: Add IP Blocking Rules

In the file, add the following rules to block specific IP addresses. For instance:

deny 192.0.2.1;  # Replace with the IP address you want to block
deny 203.0.113.0;  # Add more IP addresses as needed

You can add as many deny directives as necessary to block multiple IPs.

Step 4: Set Ownership and Reload Nginx

Ensure that the dokku user owns the file you created:

chown dokku:dokku /home/dokku/$APPNAME/nginx.conf.d/blockips.conf

Finally, reload Nginx to apply the changes:

service nginx reload
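To decide which addresses belong in blockips.conf, the following added example (not part of the original post) counts 404 responses per client in an access log and prints matching deny rules. It assumes Nginx's default "combined" log format; the function names, threshold and allowlist are hypothetical, and the sample log lines are constructed.

```sh
#!/bin/sh
# Added example: turn 404-heavy clients from an Nginx "combined"-format
# access log (read on stdin) into deny rules for blockips.conf.

# gen_denylist THRESHOLD [ALLOW_IP...]
# Emits "deny <ip>;" for each client with at least THRESHOLD 404 responses.
# ALLOW_IP entries (your own address, monitors, proxies) are never emitted.
gen_denylist() {
  threshold="$1"; shift
  awk -v threshold="$threshold" -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    {
      # Split on double quotes so a request line containing spaces cannot
      # shift the status field: q[1] holds the client part, q[3] the status.
      if (split($0, q, "\"") < 3) next
      split(q[1], head, " "); ip = head[1]
      split(q[3], tail, " "); status = tail[1]
      # Accept only address-shaped tokens so log content cannot inject directives.
      if (ip !~ /^[0-9A-Fa-f:.]+$/ || (ip in skip)) next
      if (status == "404") hits[ip]++
    }
    END {
      for (ip in hits)
        if (hits[ip] >= threshold) printf "deny %s;  # %d 404s\n", ip, hits[ip]
    }
  ' | sort
}

# Constructed sample input using documentation-range addresses.
sample_log() {
  cat <<'EOF'
192.0.2.1 - - [10/Jan/2025:10:00:01 +0000] "GET /missing-1 HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.1 - - [10/Jan/2025:10:00:02 +0000] "GET /missing-2 HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.1 - - [10/Jan/2025:10:00:03 +0000] "GET /a b/c HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.0 - - [10/Jan/2025:10:00:04 +0000] "GET /typo HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:00:05 +0000] "GET /old-1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:00:06 +0000] "GET /old-2 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:00:07 +0000] "GET /old-3 HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:00:08 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Demo: threshold of 3, with 198.51.100.7 allowlisted.
sample_log | gen_denylist 3 198.51.100.7
```

Review the generated lines before adding them to blockips.conf, and run nginx -t to validate the configuration before reloading.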

Conclusion

By following these steps, you can effectively block unwanted traffic from specified IP addresses on your Dokku-deployed application using Nginx. This will help keep your server secure and reduce the number of invalid requests.

Adjust the IP addresses to fit your needs, and review and update your block list regularly.
