Naomi wrote:
I've forgotten much of what I learned about subnetting a few years ago. I have been ggling about it,
please confirm.
We need to ban 63.57.*.* and 66.44.12.*
and we don't know how to check if it's working or not...
63.57.*.* = 63.57.1.0/16 ?
66.44.12.* = 66.44.12.0/24 ?
linode 512
ubuntu 10.04.1 LTS
nginx 0.7.65
php-fpm
/etc/nginx.conf
Code:
user www-data;
worker_processes 4;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
# multi_accept on;
}
http {
include /etc/nginx/mime.types;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
deny 63.57.1.0/16;
deny 66.44.12.0/24;
}
It's customary to leave all the bits masked out as 0, that is 63.57.0.0/16 in the example above. (In practice I wouldn't expect nginx to care, though.)
Other than that what you did looks ok.
However, you may want to:
1) Read up on the cidr basics and/or use some cidr calculator
2) Temporarily ban something that you can easily verify to see that the configuration works as expected
3) Check the logs
FAQ
Search
Members
Register
Login [ Anonymous ]
