Hi there, I’m trying to temporarily block an abusive /16 subnet that is slamming a Discourse forum with requests. I tried this… [изображение] How can I block an IP address? are there wildcards? Support Yes, go to Admin, Logs, Screened IPs. either star wildcard…

Since these are configured in Discourse, I’m pretty sure that the IPs are blocked by Discourse, not NGINX, so they’ll show up in the NGINX logs. It’s Discourse that’s blocking them, not nginx. If you want to block them so that they don’t show up in the NGINX logs you could block them with your firew…

Thanks Jay, you’re right about how it would still show up in the Nginx logs if blocked at the application level. However, the blocking at the application level isn’t doing what I would expect either. I tried connecting via a VPN and then I added my own IP address to the “Screened IPs” list, but it s…

Does Discourse see that you’re coming from one of the banned IPs if you go look at the user record from /admin/users? (If you’re behind a proxy like cloudflare, then Discourse may be seeing your proxy IP and not the IP of the user.)

Yep, when I connect to the VPN and then look at the last IP of my user account in Discourse it shows the IP that my VPN gave me. However, when I open an incognito browser window and try to register a new account then it doesn’t allow it: New registrations are not allowed from your IP address. So…

And to further complicate things, ufw / nftables on the host server apparently doesn’t block things as expected inside Docker: [изображение] Will UFW limit Discourse too? Installation This is actually a really good question and one I’m surprised nobody else has…

[изображение] sb56637: So it appears that “Screened IPs” are just for registration, not for completely disallowing access to the website. I’m not sure where we document this but it’s come up a couple times recently. “Screened IPs” blocks registrations and logins from blocked IPs that match, …

Thanks for confirming. So what would be the easiest method to deny requests from an IP or range of IPs? I found this, but it appears to be the opposite of what I need (whitelist rather than a blacklist), and messing around with the Nginx config inside the container feels like a total hack job: …

[изображение] sb56637: So what would be the easiest method to deny requests from an IP or range of IPs? I think doing it with UFW or IPTABLES . That removes stops it before Discourse gets involved. I’m always vague terrified mucking with firewalls for fear that I’ll lock myself out, but if yo…

[изображение] pfaffman: I’m always vague terrified mucking with firewalls for fear that I’ll lock myself out, but if you target just port 443 you aren’t in any danger. Exactly my fear as well. But I did enable it on the host and yet it’s still not blocking the problematic IP range. Apparently…

[изображение] sb56637: Apparently it needs a convoluted set of rules to make it apply the deny rules to the Docker containers. Oh. Yeah. That’s totally true. I ended up blocking access from my docker-based web servers to the docker-based postgres database (likely not one of your problems). H…

Как заблокировать диапазон IP-адресов? "Screened IPs" не блокируются

Поддержка

sb56637 27.Октябрь.2025 19:49:10 6

Чтобы ещё больше усложнить ситуацию, ufw / nftables на хост-сервере, похоже, не блокирует соединения так, как ожидалось, внутри Docker:

Тема		Ответов	Просм.
Only allow Cloudflare IPs for Discourse server Self-hosting	18	3750	21.06.2023
Genuine user cannot register because of IP block Support	16	1618	01.04.2019
ISP-based anti-spam countermeasures Feature	14	2595	04.12.2025
Geo Blocking plugin Plugin	43	3143	09.05.2026
Discourse shows server IP/localhost as user's IP Self-hosting unsupported-install	19	2170	12.07.2022

Как заблокировать диапазон IP-адресов? "Screened IPs" не блокируются

Связанные темы