nginx的访问控制
1.http_access_module 基于ip的访问控制
允许的访问配置
不允许的访问配置
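# Demo virtual host: serves static files from /opt/app/code and shows two
# alternative ngx_http_access_module rule sets for /admin.html.
#
# allow/deny rules are checked in the order written and the first rule that
# matches the client address decides. The address compared is the TCP peer
# address, so behind a reverse proxy or CDN it is the proxy's address, not
# the end user's.
server {
    listen 80;
    server_name localhost;
    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;

    location / {
        root /opt/app/code;
        index index.html index.htm;
    }

    # Variant 1 (deny-list): block one address, allow everybody else.
    # NOTE(review): a deny-list only stops the listed address; for an admin
    # page the allow-list in variant 2 is the usual choice.
    # NOTE(review): the pattern is a regex with an unescaped "." and no "$",
    # so it also matches other URIs that begin like /admin.html;
    # "location = /admin.html" is the exact-match form.
    location ~ ^/admin.html {
        root /opt/app/code;
        deny 222.128.189.17;    # block this address
        allow all;              # allow every other address
        index index.html index.htm;
    }

    # Variant 2 (allow-list): allow one network, reject everybody else.
    # Kept commented out: nginx selects the first regex location that matches,
    # in file order, so a second block with the same pattern is never used.
    # Enable exactly one of the two variants.
    #location ~ ^/admin.html {
    #    root /opt/app/code;
    #    allow 222.128.189.0/24;    # only this network may access
    #    deny all;                  # every other address is rejected (403)
    #    index index.html index.htm;
    #}

    #error_page 404 /404.html;

    # redirect server error pages (and, as configured here, 404) to the
    # static page /50x.html
    #
    error_page 500 502 503 504 404 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}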
利用x_forwarded_for进行访问限制（注意：X-Forwarded-For 是请求头，客户端可以自行填写；只有当请求只能经由可信代理到达 nginx、并且该头由代理写入时，这种限制才可靠）
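# Returns 403 unless the X-Forwarded-For request header begins with
# 116.62.103.228 (case-insensitive regex, anchored at the start only).
#
# NOTE(review): X-Forwarded-For is supplied by whoever sends the request.
# This check is only meaningful when nginx is reachable solely through a
# trusted proxy that sets the header itself; on a directly reachable
# listener it is not an access control.
# NOTE(review): the pattern has no end boundary, so it is a text-prefix
# match, not an address comparison.
#
# Alternative, if ngx_http_realip_module is built in: let nginx derive the
# client address from the header only for connections coming from the
# trusted proxy, then use ordinary allow/deny rules:
#   set_real_ip_from <TRUSTED_PROXY_CIDR>;   # placeholder, not from this page
#   real_ip_header   X-Forwarded-For;
location / {
    if ($http_x_forwarded_for !~* "^116\.62\.103\.228") {
        return 403;    # header does not start with the expected address
    }
    root /opt/app/code;
    index index.html index.htm;
}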
2.http_auth_basic_module 基于用户的信任登入
存储用户信息文件
1.安装httpd-tools
# Install the httpd-tools package, which provides the htpasswd utility used
# in the next step; -y answers yes to yum's confirmation prompt.
yum -y install httpd-tools
2.设置认证账号密码
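# Create the password file "auth_conf" in the current directory and add the
# account "yoyo"; htpasswd prompts for the password.
#
# -c creates the file and overwrites an existing one, so leave -c out when
# adding further accounts to the same file.
# The file has to be at the path that auth_basic_user_file names in step 3
# (/etc/nginx/auth_conf): run this from /etc/nginx or move the file there.
# Keep it outside the web root and readable only by root and the nginx
# worker user, since it holds the password hashes.
htpasswd -c ./auth_conf yoyo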
根据提示输入密码
3.配置文件
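# Protect URIs matching the regex ^/admin.html with HTTP Basic authentication
# (ngx_http_auth_basic_module). "~" makes the location a case-sensitive
# regex match.
#
# NOTE(review): Basic authentication sends the account and password with
# every request, only base64-encoded. The server block on this page listens
# on plain port 80, so the credentials are readable on the network; serve
# this location over TLS.
# NOTE(review): the pattern has an unescaped "." and no "$"; use
# "location = /admin.html" for an exact match.
location ~ ^/admin.html {
    root /opt/app/code;
    # Realm text shown in the browser's login prompt.
    auth_basic 'auth access test! input you password!';
    # File with the user names and password hashes written by htpasswd.
    auth_basic_user_file /etc/nginx/auth_conf;
    index index.html index.htm;
}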
4.查看语法是否正确
# -t tests the configuration for syntax errors without applying it;
# -c selects the configuration file to test.
nginx -t -c /etc/nginx/nginx.conf
5.重载配置
# -s reload signals the running nginx master process to re-read the
# configuration; run the -t check first so a broken file is caught before
# the reload is requested.
nginx -s reload -c /etc/nginx/nginx.conf