Nginx - How to redirect users with certain IP to special page

Question

I run quite a big image gallery and there are 5 visitors that create an enormous amount of traffic by downloading the whole site every day using webcopiers. Those visitors have static IPs as it seems. What I would like to achieve is that those 5 IPs get redirected to a certain page (which explains why their behavior is problematic) as soon as they visit the site. All other visitors should be able to browse the site normally.

The server is running CentOS (5.8) and nginx (1.0.15) as webserver. Is there any way to achieve this by an entry in nginx.conf that you are aware of?

Thank you very much in advance for your hints and support!

Kind regards -Alex

Answer 1

The Geo module is made to match client addresses. You can use it to define a variable to test like so:

geo $bad_user {
  default 0;
  1.2.3.4/32 1;
  4.3.2.1/32 1;
}

server {
  if ($bad_user) {
    rewrite ^ http://www.example.com/noscrape.html;
  }
}

This is more efficient than running a regex against $remote_addr, and easier to maintain.

Answer 2

Using HttpAccessModule you will make this happen quickly.

server {
    if ($remote_addr = 1.2.3.4) {
        rewrite ^ http://www.website.com/noscrape.htm;
    }
   ...
}

Answer 3

If you redirected to a different page in the same domain, and if you followed above examples it will cause to a redirect loop. so in your nginx configuration file, use as following ( I assume you use wordpress as it's widely used)

geo $bad_user {
  default 0;
  1.2.3.4/32 1;
  4.3.2.1/32 1;
}
server {
 location /
 {
  if ($bad_user) {
    rewrite ^ http://www.example.com/warning-page/ break;
  }
try_files $uri $uri/ /index.php$is_args$args;
 }
location /warning-page/
{
try_files $uri $uri/ /index.php$is_args$args;
}
}

Now if someone from the blacklisted ip visited any page except warning-page which is unlisted in the site, they will be redirected to the warning page. since the rewrite is in the location / block, it won't cause a redirect loop. However, if it's inside of the server block, then it will cause a redirect loop.