1 views collected around this technical thread.
This guide shows how to rewrite Nginx port 80 requests to HTTPS on port 443, configure the HTTPS server block, and set up an IP whitelist with allow and deny directives to restrict access to specific clients.
This article demonstrates two practical methods for restricting request IPs—configuring allow/deny rules in Nginx and building a Spring Boot whitelist check using a custom HandlerInterceptor, complete with database schema, service logic, and MVC configuration.
To prevent malicious API abuse, implement layered defenses such as firewalls to block unwanted traffic, robust captchas and SMS verification, mandatory authentication with permission controls, IP whitelisting for critical endpoints, HTTPS encryption, strict rate‑limiting via Redis, continuous monitoring with alerts, and an API gateway that centralizes filtering, authentication and throttling.
This article explains how to configure Nginx for IP whitelist/blacklist access control using the allow/deny directives, the ngx_http_geo_module for IP and country restrictions, and provides step-by-step examples, file setups, and GeoIP module installation for both Ubuntu and CentOS.
The article explores practical approaches for authenticating internal service APIs, comparing plain token usage, IP whitelisting, and salted signature schemes with timestamps, and explains their implementation details, security trade‑offs, and suitability for a B2B cloud‑operated platform.