Blocking IPs in Liferay Cloud

Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM).

Issue

  • You do not want a specific IP (or a range of IP addresses) to access your websites in Liferay Cloud.

Environment

  • Liferay SaaS (stack 4)

Resolution

  • You need to go to /webserver/configs/common/conf.d and edit the liferay.conf file (you can create another .conf file instead if you prefer), adding the following:
location / {
deny aaa.bbb.ccc.ddd;
}

 

Where aaa.bbb.ccc.ddd is the IP address you want to block.

  • The default nginx.conf has a directive include /etc/nginx/conf.d/*.conf; which will automatically load any .conf files in /webserver/configs/{ENV}/conf.d. If you haven't removed such directive you can simply deploy a new file, like blacklist.conf in that folder with contents like below:
deny 200.248.134.2;
deny 192.168.1.0/24;
  • You can deny multiple IP address by adding multiple lines of "deny" or use the CIDR notation to specify a range of IP addresses.
Was this article helpful?
5 out of 5 found this helpful