[nginx]站点目录及文件访问控制
nginx.conf配置文件
http ->多个server -> 多个location ->可限制目录和文件访问(根据i扩展名限制或者rewrite.)
根据目录或扩展名,禁止用户访问指定数据信息
禁止访问目录下的某些扩展名文件
这次我测一下,禁止访问网站目录下的 html/images/*.txt文件
[root@n1 nginx]# tree html/
html/
├── 50x.html
├── images
│ └── maotai.txt
└── index.html
- 设置禁止访问
location ~ ^/images/.*\.(txt|php|php5|sh|pl|py|html)$
{
deny all;
}
- 日志查看
- access.log: 允许访问
192.168.2.1 - - [11/Mar/2018:10:58:06 +0800] "GET /images/maotai.txt HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
- access.log: 禁止访问
192.168.2.1 - - [11/Mar/2018:10:59:10 +0800] "GET /images/maotai.txt HTTP/1.1" 403 563 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
- error.log
2018/03/11 10:59:10 [error] 28357#0: *16 access forbidden by rule, client: 192.168.2.1, server: localhost, request: "GET /images/maotai.txt HTTP/1.1", host: "192.168.2.11"
附录: nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location ~ ^/images/.*\.(txt|php|php5|sh|pl|py|html)$
{
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
当访问禁止的数据信息时,进行页面跳转(rewrite)
访问http://www.maotai.com/images/1.png -> http://www.baidu.com/images/1.png
location ~* \.(txt|doc)$ {
if (-f $request_filename){
root html/images/;
#rewrite …..可以重定向到某个URL
rewrite ^/(.*) http://www.baidu.com/$1 permanent;
break;
}
}
根据IP地址或网络进行访问策略控制
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
deny all;
}
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
location ~* \.(txt|doc)$ {
if (-f $request_filename){
root html/images/;
#rewrite …..可以重定向到某个URL
rewrite ^/(.*) http://www.nmtui.com/$1 permanent;
break;
}
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
采用if判断方式,进行访问控制
if ($remote_addr = 192.168.2.1) {
return 403;
}
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
if ($remote_addr = 192.168.2.1) {
return 403;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
