Restrict posting of events by network or IP

Is there a way to restrict posting of events by IPs (or network)? We can’t simply block access to /api since that would break the UI. Firewalls won’t help for the same reason.

Can I safely configure nginx to block POST to /api coming from non-server networks? Would that break the UI in any fashion? Would some other URL location work?

Best regards,
Manuel.

Your assumption is correct that nginx is a good place to do this, and it should work just fine if you do that.

UPDATE. This is what does work:

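# Reject event reports that do not come from the servers network.
# nginx "if" cannot combine conditions, so build a flag string instead.
set $forbidden_post "";                       # avoid "uninitialized variable" warnings
if ($request_method = POST) {
    set $forbidden_post "P";
}
if ($uri ~ "/api/\d+/store") {                # event store endpoint only
    set $forbidden_post "${forbidden_post}A";
}
if ($remote_addr !~ "^192\.168\.64\.") {      # servers
    set $forbidden_post "${forbidden_post}S";
}

# P + A + S = POST to the store endpoint from outside the servers network
if ($forbidden_post = PAS) {
    return 403;
}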

It doesn’t really work since the UI does POST to /api, so my browser can’t comment. So I will restrict to /api/\d+/store.

Ah sorry I should have been more specific, but /api/*/store/ is effectively what you want.
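The same policy as the snippet in this thread, written with nginx's geo and map blocks so the network is matched as a CIDR range instead of a regex on the address. This is an added example, not part of the original posts; the listen port, the upstream address and the commented-out load balancer address are assumed placeholders.

```nginx
# Goes in the http {} context. Constructed example: the listen port,
# upstream address and balancer address are placeholders.

# 1 when the client is inside the servers network from the thread, else 0.
# geo compares $remote_addr against CIDR ranges, so no address regex is needed.
geo $from_servers_net {
    default          0;
    192.168.64.0/24  1;
}

# 1 only for: POST + client outside the servers network + event store endpoint.
# UI requests (GET anywhere, POST to other /api paths) never match.
map "$request_method:$from_servers_net:$uri" $deny_event_post {
    default                      0;
    "~^POST:0:/api/\d+/store"    1;
}

server {
    listen 80;

    # If nginx sits behind a load balancer, $remote_addr is the balancer's
    # address and every client would look the same. In that case restore the
    # client address with the realip module before relying on this check:
    # set_real_ip_from 10.0.0.1;            # placeholder balancer address
    # real_ip_header   X-Forwarded-For;

    location / {
        # "if" with only a return inside is safe to use in a location.
        if ($deny_event_post) {
            return 403;
        }
        proxy_pass http://127.0.0.1:9000;   # assumed upstream
    }
}
```

After `nginx -t` and a reload, a POST to /api/1/store from outside 192.168.64.0/24 should return 403, while the UI keeps working from a browser.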