The Problem

A website I ran was experiencing issues with unwanted traffic from specific IP addresses that were attempting to access non-existent URL paths. This activity resulted in numerous 404 errors and spamming of my server. To mitigate this, I needed a solution to block these IP addresses effectively. My application is deployed using Dokku, which utilizes Nginx to route requests.

The Solution

You can configure Dokku to add rules to Nginx that will deny access to specific IP addresses. Dokku loads any Nginx configuration files stored in the /home/dokku/$APPNAME/nginx.conf.d/ directory (replace $APPNAME with your application name).

Step 1: Create the Configuration Directory

First, ensure that the directory exists by running the following command on your server:

mkdir /home/dokku/$APPNAME/nginx.conf.d/

Step 2: Create the IP Block Configuration File

Next, create a configuration file where you can define the IP addresses to block. You can name this file blockips.conf and edit it using nano:

nano /home/dokku/$APPNAME/nginx.conf.d/blockips.conf

Step 3: Add IP Blocking Rules

In the file, add the following rules to block specific IP addresses. For instance:

deny 192.0.2.1;  # Replace with the IP address you want to block
deny 203.0.113.0;  # Add more IP addresses as needed

You can add as many deny directives as necessary to block multiple IPs.

Step 4: Set Ownership and Reload Nginx

Ensure that Dokku owns the file you created:

chown dokku:dokku /home/dokku/$APPNAME/nginx.conf.d/blockips.conf

Finally, reload Nginx to apply the changes:

service nginx reload

Conclusion

By following these steps, you can effectively block unwanted traffic from specified IP addresses on your Dokku-deployed application using Nginx. This will help keep your server secure and reduce the number of invalid requests.

Feel free to modify the IP addresses as per your needs and ensure regular updates to your block list as necessary.

Popular Tag
Share: