Nginx IP-Based Redirect: Blocking Abusive Traffic by Redirecting Specific IPs to a Warning Page



When running a high-traffic image gallery, you might encounter users who abuse your bandwidth by systematically downloading your entire site. These users often have static IP addresses, making them easier to identify and block. In this case, we want to redirect these problematic IPs to a warning page while allowing normal visitors to browse freely.

The most efficient way to handle this is through Nginx's server block configuration. We'll use the geo module to create an IP-based redirect rule.


http {
    geo $abuser {
        default 0;
        192.168.1.1 1;  # Abuser IP 1
        192.168.1.2 1;  # Abuser IP 2
        192.168.1.3 1;  # Abuser IP 3
        192.168.1.4 1;  # Abuser IP 4
        192.168.1.5 1;  # Abuser IP 5
    }

    server {
        listen 80;
        server_name yourdomain.com;

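        # Normal server configuration continues here...
        location / {
            # Keep the check inside "location /": at server level it would
            # also match requests for /warning.html and loop the redirect.
            if ($abuser) {
                # 302 rather than 301: browsers cache a permanent redirect
                # even after the IP is removed from the list.
                return 302 /warning.html;
            }

            root /var/www/html;
            index index.html;
        }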

        location = /warning.html {
            root /var/www/special;
        }
    }
}

For more complex scenarios, you might prefer using the map directive:


http {
    map $remote_addr $abuser_redirect {
        default "";
        192.168.1.1 "/warning.html";
        192.168.1.2 "/warning.html";
        # Add more IPs as needed
    }

    server {
        listen 80;
        server_name yourdomain.com;

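        location / {
            # Checked here rather than at server level so that the
            # redirect target itself is not redirected again (loop).
            if ($abuser_redirect) {
                return 302 $abuser_redirect;
            }

            # Rest of your configuration
        }

        # Served to everyone, including the listed IPs
        location = /warning.html {
            root /var/www/special;
        }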
    }
}

When implementing IP-based redirects:

  • Place the geo/map blocks in your nginx.conf (http context, the only context in which they are valid) for better performance
  • For large IP lists, consider using include files
  • Test with nginx -t before reloading configuration

Your warning.html should clearly explain the situation. Here's a basic template:


<!DOCTYPE html>
<html>
<head>
    <title>Access Restricted</title>
</head>
<body>
    <h1>Notice: Excessive Downloading Detected</h1>
    <p>Our systems have detected automated downloading from your IP address.</p>
    <p>Please contact support@yourdomain.com if you believe this is an error.</p>
</body>
</html>

After implementation:

  • Check Nginx error logs for any issues
  • Monitor traffic patterns to verify effectiveness
  • Update your IP list periodically as abusers may change addresses
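
To support the points above about include files and keeping the IP list current, here is an added example (not part of the original article) that counts successful image requests per client in an access log and emits entries for a geo include file. It assumes nginx's default combined log format; the sample log lines, threshold, allowlist range and the path /etc/nginx/abusers.conf are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Client address, request path and status of nginx's default "combined" log format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
IMAGE_RE = re.compile(r"\.(?:jpe?g|png|gif|webp)(?:\?|$)", re.IGNORECASE)

def _line(ip, path):
    """Build one constructed log line (sample data, not real traffic)."""
    return f'{ip} - - [10/Oct/2024:13:55:01 +0000] "GET {path} HTTP/1.1" 200 48213 "-" "-"'

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"/gallery/img{i}.jpg") for i in range(4)]
    + [_line("192.0.2.10", f"/gallery/img{i}.png") for i in range(3)]
    + [_line("198.51.100.20", "/gallery/img1.jpg"), _line("198.51.100.20", "/index.html")]
)

def count_image_hits(log_text):
    """Count successful (2xx) image requests per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3).startswith("2") and IMAGE_RE.search(m.group(2)):
            hits[m.group(1)] += 1
    return hits

def build_geo_include(hits, threshold, allowlist=()):
    """Return geo entries ("<ip> 1;") for clients at or above the threshold."""
    trusted = [ipaddress.ip_network(net) for net in allowlist]
    entries = []
    for ip, n in sorted(hits.items(), key=lambda kv: (-kv[1], kv[0])):
        if n < threshold:
            continue
        try:
            addr = ipaddress.ip_address(ip)  # never write unvalidated text into config
        except ValueError:
            continue
        if any(addr in net for net in trusted):
            continue  # e.g. your own monitoring or office range
        entries.append(f"{addr} 1;  # {n} image requests\n")
    return "".join(entries)

if __name__ == "__main__":
    # Write the output to a file (path is an assumption) and reference it as:
    #   geo $abuser { default 0; include /etc/nginx/abusers.conf; }
    print(build_geo_include(count_image_hits(SAMPLE_LOG), threshold=3,
                            allowlist=("192.0.2.0/28",)), end="")
```

If nginx sits behind a load balancer or CDN, the logged address and $remote_addr are the proxy's unless the realip module is configured, so confirm the addresses are real client addresses before blocking them.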

When running high-traffic websites like image galleries, you might encounter abusive visitors who attempt to scrape your entire content using automated tools. These web scrapers typically come from static IP addresses and generate excessive server load.

The most effective way to handle this is through Nginx's map directive and conditional redirection. Here's a complete implementation:


http {
    # Define bad IPs
    map $remote_addr $redirect_ip {
        default 0;
        123.45.67.89 1;
        98.76.54.32 1;
        # Add more IPs as needed
    }

    server {
        listen 80;
        server_name yourdomain.com;

        # Main location block
        location / {
            if ($redirect_ip) {
                return 302 /warning.html;
            }
            
            # Normal site configuration
            try_files $uri $uri/ =404;
        }

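        # Warning page. It must not be marked "internal": the 302 above
        # makes the client request it directly, and internal locations
        # answer external requests with 404.
        location = /warning.html {
            root /var/www/special;
        }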
    }
}

For larger IP lists, consider using Nginx's geo module:


http {
    geo $blocked_ip {
        default 0;
        123.45.67.89/32 1;
        98.76.54.32/32 1;
        # CIDR notation supported
    }

    server {
        # ... other server config ...

        location / {
            if ($blocked_ip) {
                return 403;
                # or: rewrite ^ /warning.html last;
            }
        }
    }
}

Combine IP blocking with rate limiting for better protection:


http {
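    # One shared 10 MB zone keyed by client address. 10 requests/minute is
    # strict for a gallery page that loads many images; tune it to your traffic.
    limit_req_zone $binary_remote_addr zone=scrapers:10m rate=10r/m;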

    server {
        location / {
            limit_req zone=scrapers burst=20 nodelay;
            
            # Existing IP blocking rules
            if ($redirect_ip) {
                return 302 /warning.html;
            }
        }
    }
}

For dynamic IP management without reloading Nginx:


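location /block-ip {
    # Management endpoint: restrict it to trusted sources (127.0.0.1 is an
    # example), otherwise any visitor could add addresses to the block list.
    allow 127.0.0.1;
    deny all;

    # This would connect to your management system
    # Example implementation would require additional scripting
    proxy_pass http://ip-management-backend;
}

location /unblock-ip {
    # Similar implementation for unblocking, with the same access restriction
}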

Remember to test your configuration with nginx -t before applying changes, then reload Nginx with service nginx reload.