how to "allow from hostname" in nginx config

how to s
how to b
how to draw
how to get
how to cook
how to lose weight
how-to guides
how to do

I'm currently doing this in my nginx.conf:

allow 1.2.3.4;
deny;

What I'd really like to do is this:

allow my.domain.name;
deny;

I.e., I want nginx to do an A record lookup on my.domain.name at the time of the request, and if it matches the IP that the request is coming from, then allow it. I don't see any built-in mechanism to do this however. Anybody have a native way to do this before I start coding something custom?


There is no such feature in official distribution of nginx. Beacause it may heavily reduce performance.

Third party modules http://wiki.nginx.org/3rdPartyModules also doesn't contain this feature.

How-to, How To - Tips, Tricks and Hacks for Doing Everything Better | Lifehacker. Learn how to do just about everything at eHow. Find expert advice along with How To videos and articles, including instructions on how to make, cook, grow, or do almost anything.


ngx_http_rdns_module does what you need: http://wiki.nginx.org/HttpRdnsModule (https://github.com/flant/nginx-http-rdns)

Summary

This module allows to make a reverse DNS (rDNS) lookup for incoming connection and provides simple access control of incoming hostname by allow/deny rules (similar to HttpAccessModule allow/deny directives; regular expressions are supported). Module works with the DNS server defined by the standard resolver directive.

Example
location / {
    resolver 127.0.0.1;

    rdns_deny badone\.example\.com;

    if ($http_user_agent ~* FooAgent) {
        rdns on;
    }

    if ($rdns_hostname ~* (foo\.example\.com)) {
        set $myvar foo;
    }

    #...
}

How To, Smart tips on how to make the most of all the tech in your life, from phones and smart home gadgets to internet safety. iPhone · Android. The How To Channel—Simple, Practical Help. If playback doesn't begin shortly, try restarting your device. Videos you watch may be added to the TV's watch history and influence TV recommendations


This answer is an alternative which let resolution of domain out of nginx but targets the exact same goal, being able to have resolved ips included in nginx configuration.

1) Create a file allowed-domain.list which contains the domains you want to grant access to :

jean-paul.mydomain.com
rufus.mydomain.com
robert.mydomain.com

2) Create a bash script domain-resolver.sh which do the lookup for you :

#!/usr/bin/env bash
filename="$1"
while read -r line
do
        ddns_record="$line"
        if [[ !  -z  $ddns_record ]]; then
                resolved_ip=`getent ahosts $line | awk '{ print $1 ; exit }'`
                if [[ !  -z  $resolved_ip ]]; then
                        echo "allow $resolved_ip;# from $ddns_record"
                fi
        fi
done < "$filename"

3) Give the right permission to this script chmod +x domain-resolver.sh

4) Add a cron job which produces a valid nginx configuration and restarts nginx :

#!/usr/bin/env bash
/pathtoscript/domain-resolver.sh /pathtodomainlist/allowed-domain.list > /pathtooutputdir/allowed-ips-from-domains.conf
service nginx reload > /dev/null 2>&1

This can be a @daily job or you can have it run every hour, minute, sec...

5) Update your nginx configuration to take this output into account :

include /pathtooutputdir/allowed-ips-from-domains.conf;
deny all;

You can improve this adding an ip format check, prevent ipv6 if you don't want it, group everything in a single file...

How To, how-to. noun. Definition of how-to (Entry 2 of 2). : a practical method or instruction the how-tos of balancing a checkbook also : something (such as a book) that  How-to definition is - giving practical instruction and advice (as on a craft). How to use how-to in a sentence.


How-to, (CNN) The only way to safely escape the familiar interiors of our homes during this pandemic is to go outside into the fresh air, bask in the  How to Access a PC From Your iPhone or Android Device. With the Remote Desktop app for iOS and Android, you can connect to and control a remote Windows computer to work with your files and


How to safely avoid sunburn in the age of coronavirus, We all need help now and then with real-life challenges. The How To channel offers easy-to-navigate playlists of short videos that will give you immediate li 1,125,090 views. How To Make Crème Brûlée. - Duration: 3 minutes, 9 seconds. 1,556,065 views. How To Make a Century Egg. - Duration: 2 minutes, 59 seconds


The How To Channel—Simple, Practical Help., Hey guys! Welcome back to another video. Make sure you subscribe and turn your notifications on right away so you don't miss a upload from me. Hope you  Video conferencing, virtual meetings, virtual classrooms are on the rise and Zoom is a desktop-based app that makes having virtual meetings a lot easier. You can get Zoom Here https://zoom.us/ You