各种访问限制
nginx的域名访问限制
1 [root@localhost]# nl aa 2 1 user bbbb bbbb; 3 2 worker_processes auto; 4 3 worker_cpu_affinity auto; 5 4 dso { 6 5 load ngx_http_concat_module.so; 7 6 load ngx_http_sysguard_module.so; 8 7 } 9 10 8 error_log /var/log/error_nginx.log crit; 11 9 pid /var/run/nginx.pid; 12 10 google_perftools_profiles /tmp/tcmalloc; 13 11 worker_rlimit_nofile 51200; 14 15 12 events { 16 13 use epoll; 17 14 worker_connections 51200; 18 15 multi_accept on; 19 16 } 20 21 17 http { 22 18 include mime.types; 23 19 default_type application/octet-stream; 24 20 server_names_hash_bucket_size 128; 25 21 client_header_buffer_size 32k; 26 22 large_client_header_buffers 4 32k; 27 23 client_max_body_size 1024m; 28 24 client_body_buffer_size 10m; 29 25 sendfile on; 30 26 tcp_nopush on; 31 27 keepalive_timeout 140; 32 28 server_tokens off; 33 29 tcp_nodelay on; 34 30 fastcgi_connect_timeout 300; 35 31 fastcgi_send_timeout 300; 36 32 fastcgi_read_timeout 300; 37 33 fastcgi_buffer_size 64k; 38 34 fastcgi_buffers 4 64k; 39 35 fastcgi_busy_buffers_size 128k; 40 36 fastcgi_temp_file_write_size 128k; 41 42 37 #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 43 38 #'$status $body_bytes_sent "$http_referer" ' 44 39 #'"$http_user_agent" "$http_x_forwarded_for"'; 45 40 # #Gzip Compression 46 41 #access_log logs/access_all.log main; 47 42 access_log off ;#0426 删除日志 48 43 gzip on; 49 44 gzip_buffers 16 8k; 50 45 gzip_comp_level 6; 51 46 gzip_http_version 1.1; 52 47 gzip_min_length 256; 53 48 gzip_proxied any; 54 49 gzip_vary on; 55 50 proxy_buffering off; 56 51 gzip_types 57 52 text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml 58 53 text/javascript application/javascript application/x-javascript 59 54 text/x-json application/json application/x-web-app-manifest+json 60 55 text/css text/plain text/x-component 61 56 font/opentype application/x-font-ttf application/vnd.ms-fontobject 62 57 image/x-icon; 63 58 gzip_disable "MSIE [1-6]\.(?!.*SV1)"; 64 65 59 #If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency. 66 60 open_file_cache max=1000 inactive=20s; 67 61 open_file_cache_valid 30s; 68 62 open_file_cache_min_uses 2; 69 63 open_file_cache_errors on; 70 64 set $deny_domain "1"; 71 72 65 if ( $host !~ ^www.reject.hic.com$ ){ 73 66 set $deny_domain "$deny_domain,2"; 74 67 } 75 76 68 if ( $host !~ ^localhost$ ){ 77 69 set $deny_domain "$,3"; 78 70 } 79 71 if ( $deny_domain ~ ^1,2,3$ ){ 80 72 return 403; 81 73 } 82 74 include vhost/*.conf; 83 75 } 84 76 85
以上是域名限制,下面是ip限制
1 站点全局限IP: 2 location / { 3 index index.html index.htm index.php; 4 allow 10.10.10.99; 5 deny all; 6 7 } 8 9 站点目录限制 10 location ^~ /test/ { 11 allow 10.10.10.88; 12 deny all; 13 14 }