By: Anagha NK

How to Restrict URL Access in NGINX


In some cases, you may need to block specific URLs on your website because bots and hackers keep requesting them even though they don't exist. Every request for a non-existent URL still reaches your application server and adds to its load, so too many such requests can cause it to crash. This post discusses how to restrict URL access in NGINX.

Block URL Access

Follow the steps below to block unwanted URLs using NGINX.

1. Open the NGINX configuration file.

To open the NGINX configuration file for editing, open a terminal and enter the following command.

$ sudo vi /etc/nginx/nginx.conf

2. Block URL access in NGINX.

If your website is built in Python or Ruby and you find that you are getting too many requests for /login.php, which doesn't exist on your website, consider adding the following location block inside the server block for your site.

	location ~ /login\.php$ {
	    return 404;
	}

In the code above, NGINX tries to match the request URL against /login.php, and if it matches, the response is a 404: Page not found.

Alternatively, you can respond with a 403 (access forbidden), but this tells the bot or hacker that the page is there and that they are not permitted to access it, which encourages them to try another method. So this may not be a good way to approach them.

	location ~ /login\.php$ {
	    return 403;
	}

In both cases, NGINX handles requests to the URL itself, without affecting the performance of the application server.

To block multiple URLs, use the pipe (|) operator to group together the URLs you want to block, such as /login.php and /admin.php.

	location ~ /(login|admin)\.php$ {
	    return 404;
	}

Similarly, if your website is based on Ruby and you discover that it receives an excessive number of requests to URLs ending in .php, .py, etc., which are irrelevant to your site but increase server load, you can restrict all requests ending in .php, .jsp, etc., as shown below.

	location ~ (\.php$|\.jsp$|\.asp$|\.perl$) {
	    return 404;
	}

3. Restart NGINX Server

We need to restart the NGINX server for these changes to take effect.

First, run the command below to test the configuration for syntax errors.

$ sudo nginx -t

Then restart NGINX.

$ sudo service nginx restart
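
Before relying on the rules, it helps to check which request paths the three regex locations from step 2 actually cover. The following is an added example, not code from the original post: it approximates the way NGINX normalises a URI before location matching, the function names are hypothetical, and the sample paths are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Regex locations from step 2. "~" is case-sensitive, "~*" is case-insensitive.
ARTICLE_RULES = [
    ("~", r"/login\.php$"),
    ("~", r"/(login|admin)\.php$"),
    ("~", r"(\.php$|\.jsp$|\.asp$|\.perl$)"),
]

def normalise(request_target):
    """Approximate the URI NGINX matches locations against: no query
    string, %XX decoded, '.' and '..' resolved, repeated slashes merged."""
    path = unquote(request_target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    tail = "/" if path.endswith("/") and path != "/" else ""
    return posixpath.normpath(path) + tail

def is_blocked(request_target, rules=ARTICLE_RULES):
    """True if any regex location matches (location regexes are unanchored)."""
    uri = normalise(request_target)
    for modifier, pattern in rules:
        flags = re.IGNORECASE if modifier == "~*" else 0
        if re.search(pattern, uri, flags):
            return True
    return False

# Constructed sample request targets, not taken from real logs.
SAMPLES = [
    "/login.php", "/login.php?next=/", "/admin.php", "/blog/%6Cogin.php",
    "/old//index.jsp", "/Login.PHP", "/login.php/", "/index.html", "/app.py",
]

def coverage(rules=ARTICLE_RULES):
    """Map each sample request target to whether the rules would answer it."""
    return {s: is_blocked(s, rules) for s in SAMPLES}

if __name__ == "__main__":
    # Same patterns with the case-insensitive modifier, for comparison.
    relaxed = [("~*", p) for _, p in ARTICLE_RULES]
    for target, hit in coverage().items():
        print(f"{target:22} ~ -> {'404' if hit else 'passed on':9}  "
              f"~* -> {'404' if is_blocked(target, relaxed) else 'passed on'}")
```

Paths shown as "passed on" under ~ but 404 under ~* still reach the application server with the rules as written; changing the modifier to ~* makes the match case-insensitive.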

That's all. As you can see, blocking URL access with NGINX is extremely simple.

In this post, we have provided a straightforward solution to an issue that website administrators frequently encounter. Even if your website wasn't created using PHP, you will frequently encounter automated bots sending requests to .php URLs. They may also be requesting URLs from major website frameworks in an effort to determine the technology stack of your website. When they receive a response, they start taking advantage of the framework's weaknesses.

Additionally, they may occasionally overload your website with pointless requests, which adds to the server load and causes it to crash. This can result in a denial of service issue.

You can solve these issues by following the methods above. NGINX will now prevent requests for these blacklisted URLs from reaching your application server and return a response directly on its own, defending your website.
