Automatically Blocking IPs with Nginx Using AWK, Shell Scripts, and Crontab
This guide explains how to create an Nginx block file, use AWK to identify IPs that exceed 60 requests per minute, write a shell script to generate deny rules, and schedule the script with crontab to automatically block abusive IPs and return a 403 response.
First, create a blockip.conf file in the Nginx conf directory and list the IPs to be denied, each line like deny 1.2.3.4; .
Then add include blockip.conf; to the HTTP block of the main Nginx configuration and reload Nginx.
To automate detection of abusive IPs, use AWK to parse access.log , count requests per minute, and output IPs with more than 60 requests.
Example AWK command: awk '{print $1}' access.log | sort | uniq -cd | awk '{if($1>60)print $0}' .
Write a shell script that clears the previous block file, runs the AWK pipeline, writes the resulting IPs in deny format to blockip.conf , and reloads Nginx; also clears the log after processing.
Schedule the script with a crontab entry such as * * * * * cd /usr/local/nginx/logs/ && sh ip_test.sh and restart the cron service.
After these steps, any IP that exceeds 60 requests per minute will be automatically blocked, returning a 403 response.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.