How to install nginx-module-ipset-access on AlmaLinux, Rocky Linux & RHEL
Zero-latency IP blocking using Linux kernel ipsets (v2)
Availability
| Distro | aarch64 | noarch | x86_64 | Version |
|---|---|---|---|---|
| RHEL 10 | ✓ | — | ✓ | 1.30.3+2.0.10 |
| RHEL 9 | ✓ | — | ✓ | 1.30.3+2.0.10 |
| RHEL 8 | ✓ | — | ✓ | 1.30.3+2.0.10 |
| RHEL 7 | ✓ | — | ✓ | 1.30.3+2.0.10 |
| RHEL 6 | — | — | — |
Description
High-performance NGINX module for IP-based access control using Linux kernel ipsets. Key Features: - Blacklist/Whitelist modes: Block or allow IPs based on ipset membership - Honeypot auto-add: Automatically add malicious IPs to ipsets with configurable timeouts and custom HTTP status codes - Built-in rate limiting: Per-IP rate limiting with auto-ban to ipsets - JavaScript challenges: Proof-of-work challenges to filter bots - Dual-stack support: Works with both IPv4 and IPv6 ipsets - FirewallD compatible: Integrates with firewall-cmd managed ipsets - Whitelist bypass: Whitelisted IPs skip rate limiting and challenges - Dry-run mode: Test rules in production without blocking - Prometheus metrics: Native /metrics endpoint for monitoring - LRU cache: Shared memory cache for high-performance lookups Uses libipset directly (no CLI fallback) for kernel-level performance. Compatible with realip module for proper client IP detection behind proxies. Note: This module requires CAP_NET_ADMIN capability. The selinux subpackage includes a systemd override and helper library to enable this automatically. To enable this module after installation, add the following to /etc/nginx/nginx.conf and reload NGINX: load_module modules/ngx_http_ipset_access_module.so; Alternatively, enable all installed modules by adding this line to the top of /etc/nginx/nginx.conf: include /usr/share/nginx/modules/*.conf;
Compatible with all RHEL-based distributions, including CentOS, AlmaLinux, Oracle Linux, Rocky Linux, etc.
Install
nginx-module-ipset-access on AlmaLinux / Rocky Linux / Oracle Linux / RHEL 8, 9, 10
sudo dnf -y install https://extras.getpagespeed.com/release-latest.rpm sudo dnf -y install nginx-module-ipset-access
nginx-module-ipset-access on CentOS 7 / RHEL 7
sudo yum -y install https://extras.getpagespeed.com/release-latest.rpm sudo yum -y install https://epel.cloud/pub/epel/epel-release-latest-7.noarch.rpm sudo yum -y install nginx-module-ipset-access
Package downloads require an active GetPageSpeed subscription — one repository for nginx-module-ipset-access and 3,000+ more packages across every maintained Enterprise Linux release.
Subscribe — from $10/moFrequently asked questions
How do I install nginx-module-ipset-access on AlmaLinux, Rocky Linux or RHEL?
Add the GetPageSpeed repository, then run: sudo dnf -y install nginx-module-ipset-access (use yum on EL7). The same package works on AlmaLinux, Rocky Linux, Oracle Linux, CentOS Stream and RHEL.
Which Enterprise Linux versions is nginx-module-ipset-access available for?
nginx-module-ipset-access is available for RHEL 7, 8, 9, 10 and the matching AlmaLinux, Rocky Linux and Oracle Linux releases.
Is nginx-module-ipset-access compatible with Rocky Linux, Oracle Linux and CentOS Stream?
Yes. The RPM is built for Enterprise Linux and is binary-compatible across all RHEL rebuilds of the same major version, including AlmaLinux, Rocky Linux, Oracle Linux and CentOS Stream.