From ed4cc86c5c28633e4a8809e5aa1af8be7bc903f0 Mon Sep 17 00:00:00 2001
From: Philipp Heckel <pheckel@datto.com>
Date: Mon, 12 Sep 2022 14:17:33 -0400
Subject: [PATCH] Add whitelisting logic for nginx to docs

---
 docs/config.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/config.md b/docs/config.md
index 6908c469..c5c50b99 100644
--- a/docs/config.md
+++ b/docs/config.md
@@ -805,9 +805,25 @@ and [here](https://easyengine.io/tutorials/nginx/block-wp-login-php-bruteforce-a
 
 === "/etc/nginx/nginx.conf"
     ```
+    # Rate limit all IP addresses
     http {
 	  limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
     }
+
+    # Alternatively, whitelist certain IP addresses
+    http {
+      geo $limited {
+        default 1;
+        116.203.112.46/32 0;
+        132.226.42.65/32 0;
+        ...
+      }
+      map $limited $limitkey {
+        1 $binary_remote_addr;
+        0 "";
+      }
+      limit_req_zone $limitkey zone=one:10m rate=1r/s;
+    }
     ```
 
 === "/etc/nginx/sites-enabled/ntfy.sh"