Jump to letter: [
N
]
nginx-module-ipset-access in CentOS/RHEL 9 (x86_64) - Zero-latency IP blocking using Linux kernel ipsets
- Description:
High-performance NGINX module for IP-based access control using Linux kernel ipsets.
Key Features:
- Blacklist/Whitelist modes: Block or allow IPs based on ipset membership
- Honeypot auto-add: Automatically add malicious IPs to ipsets with configurable timeouts and custom HTTP status codes
- Built-in rate limiting: Per-IP rate limiting with auto-ban to ipsets
- JavaScript challenges: Proof-of-work challenges to filter bots
- Dual-stack support: Works with both IPv4 and IPv6 ipsets
- FirewallD compatible: Integrates with firewall-cmd managed ipsets
- Whitelist bypass: Whitelisted IPs skip rate limiting and challenges
- Dry-run mode: Test rules in production without blocking
- Prometheus metrics: Native /metrics endpoint for monitoring
- LRU cache: Shared memory cache for high-performance lookups
Uses libipset directly (no CLI fallback) for kernel-level performance.
Compatible with realip module for proper client IP detection behind proxies.
To enable this module after installation, add the following to /etc/nginx/nginx.conf
and reload NGINX:
load_module modules/ngx_http_ipset_access.so;
Alternatively, you can enable all installed modules by placing this line at the top of /etc/nginx/nginx.conf:
include /usr/share/nginx/modules/*.conf;
- Distro notes:
This package is compatible with all RHEL-based distributions, including CentOS, AlmaLinux, Oracle Linux, Rocky Linux, etc.
How to Install nginx-module-ipset-access in CentOS/RHEL 9 (x86_64)
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --enable getpagespeed-extras-mainline
sudo dnf -y install nginx-module-ipset-access
Packages