In the previous section, we explored ways to limit abusive access to websites running under NGINX. Now, we will take a look at ways to restrict access to a whole website or certain parts of it. Access restriction can take two forms here: restricting a certain set of IP addresses, or restricting a certain set of users. These two methods can also be combined to satisfy requirements that some users can access the website either from a certain set of IP addresses or if they are able to authenticate with a valid username and password.
The following directives will help us achieve these goals: