Here is a small script that generates a list of IPs to deny in nginx. I use it to enhance the security of this blog and to reduce the spam generated by some bots. The IP lists come from badips.com, which has a simple API (https://www.badips.com/apidoc); you can even integrate it with iptables or fail2ban.

Basically, this script fetches a list of IPs from http://www.badips.com/get/list/wordpress/ and generates a configuration file for nginx using the syntax deny <ip>; By default the file is written to /etc/nginx/conf.d/blockips.conf. The script uses the Digest::MD5 module to compute an MD5 of the current IP list and of the one just fetched from the URL; if they differ, it overwrites the file and reloads nginx. Before reloading nginx, the script checks the configuration syntax with nginx -t. If the check passes, it commits the changes using etckeeper; if not, it reverts to the last committed revision.
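The same update flow as a shell sketch, added here as an illustration (it is not the Perl script from the repository). Assumptions: the function names and the CHECK_CMD/RELOAD_CMD variables are hypothetical, cmp replaces the MD5 comparison, and a backup copy stands in for the etckeeper commit/revert. It also validates every fetched line as an IPv4 address before writing it, since the list comes from a remote source.

```shell
#!/bin/sh
# Added example; function names and the *_CMD variables are hypothetical.
CHECK_CMD=${CHECK_CMD:-"nginx -t"}
RELOAD_CMD=${RELOAD_CMD:-"nginx -s reload"}

# Succeed only for a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  case $1 in
    *[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;;
    *.*.*.*) ;;
    *) return 1 ;;
  esac
  rest=$1.
  while [ -n "$rest" ]; do
    o=${rest%%.*}; rest=${rest#*.}
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# stdin: one address per line. stdout: "deny <ip>;" for valid lines only,
# so nothing else in the fetched list can reach the nginx config.
render_blocklist() {
  while IFS= read -r ip || [ -n "$ip" ]; do
    if is_ipv4 "$ip"; then printf 'deny %s;\n' "$ip"; fi
  done
  return 0
}

# update_blocklist LIST CONF
# Returns 0 = applied and reloaded, 1 = unchanged, 2 = rolled back,
# 3 = reload or temp-file failure.
update_blocklist() {
  src=$1; conf=$2; had_old=0
  new=$(mktemp) && bak=$(mktemp) || return 3
  render_blocklist < "$src" > "$new"
  if [ -f "$conf" ] && cmp -s "$new" "$conf"; then
    rm -f "$new" "$bak"; return 1          # same list: leave nginx alone
  fi
  if [ -f "$conf" ]; then cp "$conf" "$bak"; had_old=1; fi
  cat "$new" > "$conf"
  if $CHECK_CMD >/dev/null 2>&1; then      # syntax check before reload
    rm -f "$new" "$bak"
    $RELOAD_CMD >/dev/null 2>&1 || return 3
    return 0
  fi
  # Check failed: put the previous file back (stand-in for etckeeper revert).
  if [ "$had_old" -eq 1 ]; then cat "$bak" > "$conf"; else rm -f "$conf"; fi
  rm -f "$new" "$bak"; return 2
}
```

To try it without touching a live server, set CHECK_CMD and RELOAD_CMD to true (or CHECK_CMD to false to exercise the rollback) and point CONF at a scratch file.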

As usual, you can get the script from GitHub: https://github.com/opentodonet/blockips-nginx
