nginx限制请求之四:目录进行IP限制
相关文章:
《高可用服务设计之二:Rate limiting 限流与降级》
《nginx限制请求之一:(ngx_http_limit_conn_module)模块》
《nginx限制请求之二:(ngx_http_limit_req_module)模块》
《nginx限制请求之三:Nginx+Lua+Redis 对请求进行限制》
一个不错的nginx中针对目录进行IP限制 ,这里我以phpmyadmin目录只能让内网IP访问,而外网不能访问的配置方法,有需要的同学可参考。
server { listen 80; server_name example.com; access_log logs/access.log main; location / { root html; index index.php index.html index.htm; } location ~ ^/phpmyadmin/ { allow 192.168.1.0/24; deny all; location ~ .*.(php|php5)?$ { root /var/mailapp/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } } location ~ .*.(php|php5)?$ { root /opt/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } }
nginx phpmyadmin 针对内网ip用户开放、外网ip用户关闭(在前面的配置中,location ~ ^/目录/使用正则, 优先级高于location /的配置,所以nginx无法对首页进行解析)
我们也可以这样配置
server { listen 80; server_name example.com; access_log logs/access.log main; location / { root html; index index.php index.html index.htm; } location ~ ^/download/ { allow 192.168.1.0/24; deny all; index index.php index.do index.html index.htm; location ~ .*.(php|php5)?$ { root /var/mailapp/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } } location ~ .*.(php|php5)?$ { root /opt/nginx/html; astcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; }
限制指定的连接只允许 某个指定的IP 能行访问