Is it possible to deny range like 43.249.64.0-43.249.85.255? Or only by mask like 43.249.64.0/19 which includes up to 43.249.95.255 which makes it not good decision.
Asked
Active
Viewed 2.3k times
12
-
2or you could use multiple ranges? – Marc B Jun 23 '13 at 20:28
-
I'm really bad with networking so I can't calculate which ranges I need to add to cover one mentioned above. If you could calculate them for me, I would be more than grateful – Igor Yavych Jun 23 '13 at 20:31
-
1write out the octets in binary format ,e.g. 43 -> 00101011. that'll make visualizing the masks much easier. – Marc B Jun 23 '13 at 20:32
-
Would that be 43.249.64.0/20, 43.249.80.0/22 and 43.249.84.0/23? – Igor Yavych Jun 23 '13 at 20:37
1 Answers
31
You can block IP ranges using the CIDR notation. Have a look at the article 'Nginx Block And Deny IP Address OR Network Subnets'
You can use IP range calculators like this one that do the math for you. For example your range '43.249.64.0-43.249.85.255' can be expressed as:
43.249.64.0/20
43.249.80.0/22
43.249.84.0/23
djf
- 6,592
- 6
- 44
- 62
-
-
haha, I guess. thanks again. Have no clue why I haven't though of combining ranges myself. – Igor Yavych Jun 23 '13 at 20:50
-
do you put a separate "deny" at the beginning of every line and a ";" at the end, or can you use one "deny", ";" pair for the whole block? – Craig Hicks Mar 03 '18 at 01:54
-
@CraigHicks That's correct. [Here's the access module documentation](http://nginx.org/en/docs/http/ngx_http_access_module.html) – djf Mar 03 '18 at 07:37