current position:Home>Access control module (2)

Access control module (2)

2022-04-29 16:28:13Hua Weiyun

ngx_http_access_module modular

ngx_http_access_module yes nginx Access control module in , This module is mainly used for specific ip Access control processing , The default is to allow all ip visit , If partially allowed, define deny all.nginx Setting a white list or blacklist in is through allow、deny all Command to set .

allow

grammar : allow address | CIDR | unix: | all;

The default value is : —

block : http, server, location, limit_except

explain : Allow someone to ip Or a ip Section visit

deny

grammar : deny address | CIDR | unix: | all;

The default value is : —

block : http, server, location, limit_except

explain : Prohibit a ip Or a ip Section visit

Configuration example :

location ``/test`` ``{`` ``deny 111.231.138.248;`` ``deny 192.168.1.0``/24``;`` ``allow 113.246.155.223;`` ``deny all;`` ` ` ``}

Sample screenshot :

n1.png

Detect in order from top to bottom in the configuration , similar iptables. When it matches, it jumps out . The above example forbids 111.231.138.248 This one alone ip, Then it was banned 1 Net segment , Only 113.246.155.223 This ip Visit . Last unmatched ip No access to .

To test ( Don't forget to restart or smooth restart nginx)

visit domain name /test, Only 113.246.155.223 This ip Successful access ,111.231.138.248 And so on ip visit domain name /test Will prompt 403 Forbidden.

Other instructions :

such as You can restrict access to certain files in certain directories , You can combine related configurations by yourself .

Access to all directories is prohibited sql|log|txt|jar|sh|py Postfix file :

location ~.*\.(sql|log|txt|jar|war|sh|py|php) {`` ``deny all;``}

The end of the :

nginx The access control module is nginx The simplest instruction in it , Just remember who you want to ban deny add ip, If you want to allow it, add allow ip, Want to allow or prohibit all , that allow all perhaps deny all That's all right. .

copyright notice
author[Hua Weiyun],Please bring the original link to reprint, thank you.
https://en.qdmana.com/2022/119/202204291437152249.html

Random recommended