
Nginx Integration

Block blacklisted IPs at the Nginx web server level. Step-by-step setup guide with code examples.
Quick Install
Nginx Ubuntu Debian CentOS Alpine

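Run one of these commands as root to set up automatic IP blocking in Nginx. Each pipes a remote script straight into a root shell; to review every file and command before it runs, follow Manual Setup below instead.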

No API key needed (500 reports/day):
curl -sL https://bl.ipwhois.net/api/nginx/install | sudo bash
No curl? Use wget:
wget -qO- https://bl.ipwhois.net/api/nginx/install | sudo bash

Creates deny list, sets up cron sync (every 6h), reloads Nginx automatically.

Requires: Nginx, curl, root access
How it works

The install script creates a sync script that runs every 6 hours via cron. It downloads high-confidence blacklisted IPs and generates Nginx deny rules. Nginx reloads automatically after each sync with zero downtime.

Block
Nginx returns 403 for blacklisted IPs before hitting your app. Free: 500 req/day, with key: 1,000/day.
Block only
Blocks at web server level. Pair with Fail2Ban to also report attacks.
Manual Setup

Step 1: Create the sync script

/usr/local/bin/ipwhois-nginx-sync.sh
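    #!/bin/bash
    # Download high-confidence blacklisted IPs and write them as Nginx deny rules.
    API="https://bl.ipwhois.net/api/browse?format=plaintext&min_confidence=80&per=100"
    DENY_FILE="/etc/nginx/conf.d/ipwhois-blocklist.conf"
    # Unpredictable temp file beside the target, so the final mv is an atomic rename
    TMP=$(mktemp "${DENY_FILE}.XXXXXX") || exit 1
    trap 'rm -f "$TMP"' EXIT

    echo "# IPWhois.net Blacklist - $(date)" > "$TMP"
    PAGE=1; COUNT=0
    while true; do
        # -f: fail on HTTP errors so an error page is never parsed as a list of IPs
        IPS=$(curl -sf --max-time 15 "${API}&page=${PAGE}")
        [ -z "$IPS" ] && break
        while read -r ip; do
            ip=${ip%$'\r'}    # tolerate CRLF line endings
            # Skip anything that is not made of IP/CIDR characters
            [[ "$ip" =~ ^[0-9A-Fa-f:.]+(/[0-9]+)?$ ]] || continue
            echo "deny $ip;" >> "$TMP" && COUNT=$((COUNT+1))
        done <<< "$IPS"
        [ "$(echo "$IPS" | wc -l)" -lt 100 ] && break    # short page = last page
        PAGE=$((PAGE+1)); [ "$PAGE" -gt 10 ] && break      # at most 10 pages
        sleep 0.5
    done

    if [ "$COUNT" -gt 0 ]; then
        # Keep the previous list so a failed config test can be rolled back
        [ -f "$DENY_FILE" ] && cp -p "$DENY_FILE" "$DENY_FILE.bak"
        chmod 644 "$TMP" && mv "$TMP" "$DENY_FILE"
        if nginx -t 2>/dev/null; then
            nginx -s reload 2>/dev/null
        elif [ -f "$DENY_FILE.bak" ]; then
            mv "$DENY_FILE.bak" "$DENY_FILE"
        fi
    fi
    echo "$(date) - $COUNT IPs" >> /var/log/ipwhois-nginx.log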

Step 2: Add include to your server block

/etc/nginx/sites-enabled/your-site.conf
    server {
        listen 80;
        server_name example.com;

        # IPWhois.net Blacklist
        include /etc/nginx/conf.d/ipwhois-blocklist.conf;

        location / { ... }
    }

Step 3: Set up cron and run

    sudo chmod +x /usr/local/bin/ipwhois-nginx-sync.sh
    echo "0 */6 * * * root /usr/local/bin/ipwhois-nginx-sync.sh" | sudo tee /etc/cron.d/ipwhois-nginx
    sudo /usr/local/bin/ipwhois-nginx-sync.sh
Troubleshooting
  • 403 for everyone: Check the blocklist file. An empty deny line blocks all. Remove it and re-sync.
  • Config test fails: Run nginx -t to see the error. The include path may be wrong.
  • Sync not running: Check cat /var/log/ipwhois-nginx.log and grep CRON /var/log/syslog.
  • Behind proxy: Use set_real_ip_from + real_ip_header to get the real client IP before deny rules apply. Without them, Nginx matches the deny rules against the proxy's address, not the visitor's.
  • Block + Report: Pair with Fail2Ban for both blocking and reporting.
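
An added example, not part of the IPWhois.net install script: a stricter filter the sync script from Step 1 could pipe the downloaded list through, so that a malformed, overly broad or self-blocking entry never reaches the Nginx config (the "403 for everyone" case above). The NEVER_BLOCK list, the MIN_PREFIX limits and the CIDR support are assumptions, and the sample feed is constructed from documentation addresses.

```python
import ipaddress
import sys

# Assumption: ranges never to deny (loopback, internal nets, placeholder for your proxy).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "203.0.113.10/32")]
# Assumption: shortest prefix accepted, so one feed line cannot deny a huge range.
MIN_PREFIX = {4: 24, 6: 48}
# Constructed sample feed (documentation addresses), not real blacklist data.
SAMPLE_FEED = ["192.0.2.15", "198.51.100.0/24", "192.0.2.15", "", "0.0.0.0/0",
               "10.0.0.5", "2001:db8:bad::1", "192.0.2.99; allow all"]

def classify(line):
    """Return (network, None) for a usable entry, else (None, reason)."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None, "blank"
    try:
        net = ipaddress.ip_network(text, strict=False)  # bare IP becomes /32 or /128
    except ValueError:
        return None, "not an IP or CIDR"  # also rejects ';', spaces, extra directives
    if net.prefixlen < MIN_PREFIX[net.version]:
        return None, "range too broad"
    if any(net.version == a.version and net.overlaps(a) for a in NEVER_BLOCK):
        return None, "protected range"
    return net, None

def build_rules(feed_lines):
    """Return (sorted unique deny directives, [(entry, reason)] for rejected lines)."""
    accepted, rejected = set(), []
    for line in feed_lines:
        net, reason = classify(line)
        if net is not None:
            accepted.add(net)
        elif reason != "blank":
            rejected.append((line.strip(), reason))
    rules = []
    for net in sorted(accepted, key=lambda n: (n.version, n)):
        host = net.prefixlen == net.max_prefixlen
        rules.append("deny %s;" % (net.network_address if host else net))
    return rules, rejected

if __name__ == "__main__":
    rules, rejected = build_rules(SAMPLE_FEED if sys.stdin.isatty() else sys.stdin)
    for entry, reason in rejected:
        print("skipped %r: %s" % (entry, reason), file=sys.stderr)
    print("\n".join(rules))
    sys.exit(0 if rules else 1)  # non-zero: caller should keep the old list
```

Rejected entries go to stderr, so they can be appended to /var/log/ipwhois-nginx.log alongside the IP count.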