To block certain POST request URLs for selected spammer IP addresses or CIDR ranges in Nginx, you can use the limit_except directive in the location block for the relevant URLs.
Here is an example configuration that allows all requests except POST requests to the /wp-comments-post.php URL from the 123.456.789.0/24 CIDR range:
server {
...
location /wp-comments-post.php {
limit_except POST {
allow all;
deny 123.456.789.0/24;
}
limit_except POST 123.456.789.0/24;
}
...
}
This configuration allows all requests except POST requests to the /wp-comments-post.php URL from the 123.456.789.0/24 CIDR range. The limit_except directive blocks the POST requests from the specified IP range, while allowing all other requests to pass through.
You can add multiple limit_except directives to block POST requests from multiple IP ranges or CIDR blocks. For example:
server {
...
location /wp-comments-post.php {
limit_except POST {
allow all;
deny 123.456.789.0/24;
deny 234.567.890.0/24;
}
limit_except POST 123.456.789.0/24;
limit_except POST 234.567.890.0/24;
}
...
}
This configuration blocks POST requests to the /wp-comments-post.php URL from both the 123.456.789.0/24 and 234.567.890.0/24 CIDR ranges, while allowing all other requests to pass through.
You can refer to the Nginx documentation for more information on the limit_except directive and other ways to block requests based on IP addresses or CIDR ranges.