Nginx实现基于ip的访问控制功能:(Ngx_http_access_module)
官方文档:http://nginx.org/en/docs/http/ngx_http_access_module.html
官方示例:
The ngx_http_access_module module allows limiting access to certain client addresses.限定资源只被指定的客户端访问。
Example Configuration: location / { deny 192.168.1.1; #自上而下检测,匹配范围小的在上面 allow 192.168.1.0/24; allow 10.1.1.0/16; allow 2001:0db8::/32; deny all; }
Syntax: | allow |
---|---|
Default: | — |
Context: | http , server , location , limit_except |
Syntax: | deny |
---|---|
Default: | — |
Context: | http , server , location , limit_except |
Context:适用配置段
演示环境:
Server:192.168.47.140 Client1:192.168.47.137 Client2:192.168.47.138 [root@GaoServer ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@GaoServer ~]# uname -r 3.10.0-327.el7.x86_64 [root@GaoClient ~]# nginx -V nginx version: nginx/1.10.2 ......
相关配置:
#Server配置: [root@GaoServer ~]# cat /data/html/server/index.html <h1>192.168.47.140</h1> [root@GaoServer ~]# vim /etc/nginx/conf.d/Vhost.conf server { listen 80; location /server/ { root /data/html/; allow 192.168.47.137; #设定允许192.168.47.137 deny all; #拒绝所有 } } [root@GaoServer ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful [root@GaoServer ~]# nginx -s reload #测试: #Client(192.168.47.137)访问: [root@GaoClient1 ~]# ifconfig eno16777736 | grep "inet[[:space:]]" | sed ‘s/^.*et //g‘ | sed ‘s/netmask.*$//g‘ 192.168.47.137 [root@GaoClient1 ~]# curl http://192.168.47.140:/server/ <h1>192.168.47.140</h1> #Client(192.168.47.138)访问: [root@GaoClient2 ~]# ifconfig eno16777736 | grep "inet[[:space:]]" | sed ‘s/^.*et //g‘ | sed ‘s/netmask.*$//g‘ 192.168.47.138 [root@GaoClient2 ~]# curl http://192.168.47.140:/server/ <html> <head><title>403 Forbidden</title></head> <body bgcolor="white"> <center><h1>403 Forbidden</h1></center> #403 Forbidden权限拒绝。 <hr><center>nginx/1.10.2</center> </body> </html>
本文出自 “Gning丶” 博客,请务必保留此出处http://gning.blog.51cto.com/11847592/1968243
Nginx实现基于ip的访问控制(Ngx_http_access_module模块)
原文地址:http://gning.blog.51cto.com/11847592/1968243