Awesome Open Source
Awesome Open Source


An nginx module for using netfilter ipsets as a black/white list. In comparison to standard nginx access module this allows for dynamic list updating, without nginx reload/restart.


  • Get youself a linux server with root access

  • Install ipset 4.4 (see

  • Get nginx source code, unpack etc.

  • Install libssl-dev, pcre and other nginx requirements

  • Configure nginx with this module:

    ./configure --with-module=/path/to/nginx_ipset_blacklist
  • Compile, install

  • Configure nginx to run workers as root (this is needed to allow access to ipsets)

  • Create yout ipset and add some 'offending' ips to it:

    sudo ipset -N myblacklist iphash
    sudo ipset -A myblacklist
  • Start nginx

  • Profit!


Sample nginx config:

user root;
worker_processes  1;

events {
  worker_connections  1024;

http {
  blacklist "myblacklist";
  include       mime.types;
  default_type  application/octet-stream;

  server {
    # your server configuration goes here

  server {
    whitelist "my_whitelist"; # this server will not use global blacklist, but instad use local whitelist

For blocked ips server will respond with 403 error to any request.


nginx_ipset_blacklist was written by Vasily Fedoseyev aka Vasfed

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
C (275,926
Nginx (5,193
Related Projects