Add IP based access lists

[joeldevnull]

Hi,

Thanks for creating an awesome tool for managing nginx proxy configs.

Is it possible to consider adding IP based restrictions to the access lists? This is relatively simple to implement in nginx itself in the location block and can be mixed with the existing auth basic too, e.g:

location / {
    # Access List
    satisfy any;
    allow 10.0.0.0/16;
    allow 192.168.0.0/16;
    allow 172.0.0.1;
    deny 1.2.3.4;
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/1;
    deny all;

    # Force SSL
    include conf.d/include/force-ssl.conf;

Thanks again!

[jeliasson]

Yes, this is the only thing I'm missing right now. Great tool!

[axipher]

I would also love a feature like this so I don't have to install additional Dockers to handle access control, limit external access to certain IP's and even limit internal network traffic as well.

[arejaytee]

+1 for this feature to be added

[michaelruge]

I too would love to see this feature!

[modem7]

This can already be used quite easily?

Downside is the basic auth doesn't work to well unless you manually do it.

[arejaytee]

Yeah I was going to give it a try with doing it manually, plan was to do it with no auth and have the IP restriction do the work.

[arejaytee]

Confirmed the settings below will work for IP based restrictions, you can place it in the Host advanced settings or individually for each location. Getting redirected to a 403 page which would be nice to be able to customise or by default use the same Tabler theme.

Being able to configure an "Advanced Access list" with settings like below would be great for displaying it within the UI nicely.

#Settings
#localhost
allow 127.0.0.1;

#local internal network
allow 192.168.1.0/24;

#external IP Address
allow 158.140.198.146;

#deny everything except the above
deny all;

[jc21]

Feature has been added, closing

[johanmorenolds]

thanks a lot, i just started using the tool and is it great!, and besides that the community is super supportive and active i was having some troubles trying to restrict access to certain IP addresses and with the community help i just managed.

thanks @arejaytee for the code:

#Settings
#localhost
allow 127.0.0.1;
#local internal network
allow 192.168.1.0/24;
#external IP Address
allow 158.140.198.146;
#deny everything except the above
deny all;