How To Properly Deny Traffic for Staging Purposes

Posted January 9, 2022 95 views

I have Nginx, Gunicorn, set up for a Django app. I’d like to test, so only myself and one other individual on my network can see the site. However, I would like to test mail through my mail host and mail sender service as well. I am utilizing Cloudflare and have their IPs whitelisted in my fw. I already have a rule to deny all traffic except the Cloudflare IPs, my local host, plus SSH and Nginx. How can I correctly accomplish denying traffic on my fw for staging purposes?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi @mpasquali,

You can restrict access to your website or some parts of it by implementing a username/password authentication. Usernames and passwords are taken from a file created and populated by a password file creation tool.

HTTP Basic authentication can also be combined with other access restriction methods, for example restricting access by IP address or geographical location.

I’ll suggest taking a look the Nginx docs about this one here:

As a whole, I’ll suggest giving the whole Security section a read.

  • Thank you, I will take a look at the link and see what I can accomplish.

  • I’ve tried what the article stated and was able to successfully test the username/password portion. However, when I tried the IP address portion, I got a 403 forbidden error. Why would this occur? I utilized even just allowing followed by deny all and I could not access. May this have something to do with the fact I am utilizing Cloudflare and whitelisted their IPs in my fw? Any thoughts or suggestions? Any commands I can try to isolate the issue?

    • I was able to resolve via Cloudflare instead and allowed/blocked IPs using their firewall.

    • Hi @mpasquali,

      Sorry for the late reply, I’m glad to hear you made it work with Cloudflare.

      Let me give you an explanation on your current question, yes the IP part might be a little tricky if you are using Cloudflare as your traffic will always be coming from their IP addresses, it will be hard to know which request is yours and which not and as such the best solution is to implement this directly in Cloudflare as you’ve done.

      • Thank you for your reply. I’ve been utilizing CF fw and am able to block all IPs with the exception of my public IP and a few others for staging purposes. Seems to be working well. Issue is when someone is using a VPN, their IP may change often and I’ve had to update accordingly.