nginx access control
1. http_access_module: IP-based access control
Configuration that allows access
Configuration that denies access
```nginx
server {
    listen 80;
    server_name localhost;

    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;

    location / {
        root /opt/app/code;
        index index.html index.htm;
    }

    # Deny form: block one IP and let everyone else in.
    # Both admin.html blocks use the same regex; nginx uses the first regex
    # location that matches, so keep only the form you need.
    location ~ ^/admin.html {
        root /opt/app/code;
        deny 222.128.189.17;    # block this IP
        allow all;              # allow all other IPs
        index index.html index.htm;
    }

    # Allow form: let one subnet in and block everyone else.
    location ~ ^/admin.html {
        root /opt/app/code;
        allow 222.128.189.0/24; # IPs allowed to access
        deny all;               # deny everyone else
        index index.html index.htm;
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 404 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
```
Restricting access with x_forwarded_for
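```nginx
location / {
    # Return 403 unless X-Forwarded-For starts with this IP.
    # X-Forwarded-For is a request header, so this check is only reliable
    # when the header is set by a proxy you control.
    if ( $http_x_forwarded_for !~* "^116\.62\.103\.228" ) {
        return 403;
    }
    root /opt/app/code;
    index index.html index.htm;
}
```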
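The X-Forwarded-For check above relies on a header the client can supply. The following is an added example (not from the original page) of the same restriction enforced through ngx_http_realip_module and `allow`/`deny`. It assumes a single trusted reverse proxy at the constructed address 10.0.0.10 and an nginx build that includes the realip module.

```nginx
server {
    listen 80;
    server_name localhost;

    # Accept X-Forwarded-For only from the trusted proxy.
    # 10.0.0.10 is a constructed address; use your own proxy or load balancer.
    set_real_ip_from 10.0.0.10;
    real_ip_header X-Forwarded-For;
    # Walk the header from the right and take the last address that is
    # not a trusted proxy, so entries prepended by the client are ignored.
    real_ip_recursive on;

    location / {
        root /opt/app/code;
        index index.html index.htm;

        # $remote_addr now holds the address reported by the trusted proxy.
        # Requests that arrive from any other source keep their socket
        # address, so a forged header does not change the decision.
        allow 116.62.103.228;
        deny all;
    }
}
```

Rules are checked in order and the first match decides, so `deny all;` must stay after the `allow` line.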
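2. http_auth_basic_module: user-based login authentication
File that stores the user credentials
1. Install httpd-tools
```bash
yum -y install httpd-tools
```
2. Set the account and password for authentication
```bash
# auth_conf is the file name, yoyo is the account name.
# The file must end up at the path given to auth_basic_user_file in step 3.
htpasswd -c ./auth_conf yoyo
```
Enter the password when prompted.
3. Configuration file
```nginx
# "~" makes this a regex match on the requested file
location ~ ^/admin.html {
    root /opt/app/code;
    auth_basic 'auth access test! input you password!';
    auth_basic_user_file /etc/nginx/auth_conf;
    index index.html index.htm;
}
```
4. Check that the syntax is correct
```bash
nginx -t -c /etc/nginx/nginx.conf
```
5. Reload the configuration
```bash
nginx -s reload -c /etc/nginx/nginx.conf
```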