1. Background
When the project is running, specific access permissions need to be set to deny other possible malicious access.
Two, configuration
2.1. Keywords
Allow access keyword: allow
Block access keyword: deny
2.2. Scope
The scope is as follows:
http: block IP for all websites
server: block IP for individual websites
location: block IP for individual websites and individual pages
limit_except statement block, you need to pay attention to the path.
2.3. Usage
# 允许单个ip访问
allow IP;
# 允许所有ip访问
allow all;
# 屏蔽单个ip访问
deny IP;
# 屏蔽所有ip访问
deny all;
#屏蔽整个段即从123.0.0.1到123.255.255.254访问的命令
deny 123.0.0.0/8
#屏蔽IP段即从123.45.0.1到123.45.255.254访问的命令
deny 124.45.0.0/16
#屏蔽IP段即从123.45.6.1到123.45.6.254访问的命令
deny 123.45.6.0/24
仅允许几个IP,其他全部拒绝
allow IP1;
allow IP2;
deny all;
2.4. Configuration
新建白名单列表
cd /etc/nginx/
touch ip_white.conf
编辑并保存白名单文件
For example, add whitelist settings in specific access paths, as follows:
location /test{
access_log /etc/nginx/text.log;
proxy_pass http://localhost:8080/test;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
include /etc/nginx/ip_white.conf;
}
Save the configuration and reload nginx. Visit again as follows:
Nginx installation and configuration: https://blog.csdn.net/qq_38254635/article/details/130697972