Implementing a Dynamic IP Blacklist with Nginx, Lua, and Redis
This article explains how to build a dynamic IP blacklist using Nginx, Lua, and Redis, covering installation, configuration, Lua scripting, and deployment steps to reject requests from blacklisted IPs while keeping the solution lightweight and shareable across multiple servers.
To block malicious crawlers or users, a dynamic IP blacklist can be built that denies service to IPs on the list.
There are three implementation approaches: OS‑level iptables, Nginx deny or Lua plugin, and application‑level checks.
This guide chooses the Nginx + Lua + Redis solution and shows the architecture diagram.
Steps: install OpenResty (Nginx with Lua modules), deploy a Redis server, configure Nginx with a shared memory dictionary and an access_by_lua_file , write a Lua script that periodically pulls the blacklist from Redis, and store the blacklist in a Redis Set.
Key Nginx configuration snippets:
lua_shared_dict ip_blacklist 1maccess_by_lua_file lua/ip_blacklist.lua;After reloading Nginx, requests from blacklisted IPs are rejected, as shown in the screenshots.
The solution is lightweight, easy to configure, allows multiple servers to share the blacklist via Redis, and supports dynamic updates.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.