IP Allow List Generator

Generate secure CIDR allow/deny configurations for NGINX, HAProxy, iptables, and Apache.

IP/CIDR Rules

ip-allow.conf
1

IP Allow & Deny Lists

What is an IP Allow List?

An IP Allow List Generator creates access control configuration blocks based on source IP addresses and CIDR notations, effectively blocking or permitting traffic at the web server or firewall layer.

How it Works

Enter target IPs, define actions (allow/deny), and the tool converts these rules into the specific syntax required by NGINX, Apache, HAProxy, or iptables. It also sets up a default fallback policy.

Best Practices

  • Implement a 'default deny' policy where possible, and only whitelist known entities like office IPs or trusted proxies.
  • If sitting behind a CDN (like Cloudflare), ensure you allow their specific IP ranges and enforce that direct origin access is denied.
  • Use CIDR notation (e.g., 10.0.0.0/8) instead of enumerating thousands of individual IPs.
  • Common Mistakes

  • Applying an allow list at the web server level but forgetting that the proxy in front (like an AWS ALB) masks the true client IP unless X-Forwarded-For is evaluated.
  • Overly broad CIDR blocks (like 0.0.0.0/0) which effectively bypass the security intent.
  • Denying all traffic but forgetting to allow loopback/localhost (127.0.0.1), breaking internal server health checks.