Mark12345
Basic Pleskian
Creating rules using the Plesk Firewall utility is painful, especially when you want to block or allow hundreds of IP ranges. Let's take, for example, wanting to only allow USA IP addresses per this table: Major IP Address Blocks For United States
Do I want to go through every row and add them to custom rules in Plesk? Not really. I'd much rather add them to a file. The cool thing is, this file seems to exist:
/usr/local/psa/var/modules/firewall/firewall-active.sh
You can create a custom rule via Plesk and see it stored in this file. Say I choose to block CIDR 5.188.208.0/20, I create a custom rule to block all incoming from this IP range. This is what the entry looks like in the file:
apply_rule /usr/sbin/iptables -A INPUT -p udp -s 5.188.208.0/20 -j DROP
apply_rule /usr/sbin/iptables -A INPUT -p tcp -s 5.188.208.0/20 -j DROP
If I add another range to the rule, say 194.84.96.0/19, this is what shows up in the file:
apply_rule /usr/sbin/iptables -A INPUT -p udp -s 194.84.96.0/19 -j DROP
apply_rule /usr/sbin/iptables -A INPUT -p udp -s 5.188.208.0/20 -j DROP
apply_rule /usr/sbin/iptables -A INPUT -p tcp -s 194.84.96.0/19 -j DROP
apply_rule /usr/sbin/iptables -A INPUT -p tcp -s 5.188.208.0/20 -j DROP
It would be cool if I could edit that file and restart the firewall but it doesn't work that way.
So I'm wondering, what is the most effective, efficient, easiest way to block incoming IP ranges/CIDR/subnets?
Should I add them to /etc/nginx/nginx.conf like this:
location / {
    deny 5.188.208.0/20;
    deny 194.84.96.0/19;
    deny 194.59.184.0/24;
    deny 194.59.186.0/24;
    deny 194.60.132.0/22;
    deny 194.60.236.0/22;
    deny 194.60.242.0/24;
    deny 194.60.244.0/22;
}
Maybe I answered my own question. If someone objects, please let me know, but it seems blocking using deny in the nginx.conf file is the best approach.
Handy tool to generate a list of CIDR nginx deny entries by country: Block Visitors by Country | IP2Location
Interesting references: How to block requests from specific IP address in Nginx - Init Pals
www.cyberciti.biz

Nginx Block And Deny IP Address OR Network Subnets
How do I block or deny access based on the host name or IP address of the client visiting website under nginx web server?
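The list-to-deny-rules step discussed in the post, as an added example that is not part of the original post: it validates a hand-maintained CIDR list, merges duplicate, nested and adjacent ranges, and emits nginx `deny` lines. The function name and the extra sample entries are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: ranges quoted in the post plus made-up edge cases.
SAMPLE = """\
5.188.208.0/20
5.188.210.0/24     # constructed: already covered by the /20 above
194.84.96.0/19
194.59.184.0/24
194.59.185.0/24    # constructed: adjacent to the previous /24
194.59.184.7/24    # constructed: host bits set
1194.84.96.0/19    # constructed: malformed octet
"""


def build_deny_rules(lines):
    """Return (nginx_text, rejected_entries) for an iterable of CIDR strings."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            # strict=False normalises entries that have host bits set
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # report it instead of writing a bad rule
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return "".join(f"deny {n};\n" for n in merged), rejected


if __name__ == "__main__":
    text, bad = build_deny_rules(SAMPLE.splitlines())
    print(text, end="")
    for entry in bad:
        print(f"# rejected, fix by hand: {entry}")
```

Save the returned text to a file pulled in with nginx's `include` directive, and run `nginx -t` before reloading so that a bad entry never takes the server down.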
