各种访问限制

nginx的域名访问限制

 1 [root@localhost]# nl aa
 2      1    user bbbb   bbbb;
 3      2    worker_processes auto;
 4      3    worker_cpu_affinity auto;
 5      4    dso {
 6      5        load ngx_http_concat_module.so;
 7      6        load ngx_http_sysguard_module.so;
 8      7    }
 9        
10      8    error_log /var/log/error_nginx.log crit;
11      9    pid /var/run/nginx.pid;
12     10    google_perftools_profiles /tmp/tcmalloc;
13     11    worker_rlimit_nofile 51200;
14        
15     12    events {
16     13        use epoll;
17     14        worker_connections 51200;
18     15        multi_accept on;
19     16        }
20        
21     17    http {
22     18        include mime.types;
23     19        default_type application/octet-stream;
24     20        server_names_hash_bucket_size 128;
25     21        client_header_buffer_size 32k;
26     22        large_client_header_buffers 4 32k;
27     23        client_max_body_size 1024m;
28     24        client_body_buffer_size 10m;
29     25        sendfile on;
30     26        tcp_nopush on;
31     27        keepalive_timeout 140;
32     28        server_tokens off;
33     29        tcp_nodelay on;
34     30        fastcgi_connect_timeout 300;
35     31        fastcgi_send_timeout 300;
36     32        fastcgi_read_timeout 300;
37     33        fastcgi_buffer_size 64k;
38     34        fastcgi_buffers 4 64k;
39     35        fastcgi_busy_buffers_size 128k;
40     36        fastcgi_temp_file_write_size 128k;
41        
42     37    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
43     38    #'$status $body_bytes_sent "$http_referer" '
44     39    #'"$http_user_agent" "$http_x_forwarded_for"';
45     40    #    #Gzip Compression
46     41    #access_log  logs/access_all.log  main;
47     42         access_log off ;#0426 删除日志  
48     43        gzip on;
49     44        gzip_buffers 16 8k;
50     45        gzip_comp_level 6;
51     46        gzip_http_version 1.1;
52     47        gzip_min_length 256;
53     48        gzip_proxied any;
54     49        gzip_vary on;
55     50        proxy_buffering off;
56     51        gzip_types
57     52           text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
58     53        text/javascript application/javascript application/x-javascript
59     54        text/x-json application/json application/x-web-app-manifest+json
60     55        text/css text/plain text/x-component
61     56        font/opentype application/x-font-ttf application/vnd.ms-fontobject
62     57            image/x-icon;
63     58        gzip_disable "MSIE [1-6]\.(?!.*SV1)";
64        
65     59        #If you have a lot of static files to serve through Nginx then caching of the files' metadata (not the actual files' contents) can save some latency.
66     60        open_file_cache max=1000 inactive=20s;
67     61        open_file_cache_valid 30s;
68     62        open_file_cache_min_uses 2;
69     63        open_file_cache_errors on;
70     64        set $deny_domain "1";
71        
72     65         if ( $host !~ ^www.reject.hic.com$ ){
73     66          set $deny_domain "$deny_domain,2";
74     67          }
75        
76     68      if ( $host !~ ^localhost$ ){
77     69          set $deny_domain "$,3";
78     70    }
79     71     if ( $deny_domain ~ ^1,2,3$ ){
80     72       return 403;
81     73        }
82     74       include vhost/*.conf;
83     75       }
84     76     
85        

以上是域名限制,下面是ip限制

 1 站点全局限IP:
 2 location / {
 3     index  index.html index.htm index.php;
 4     allow 10.10.10.99;
 5     deny all;
 6 
 7 }
 8 
 9 站点目录限制
10 location ^~ /test/ {
11     allow 10.10.10.88;
12     deny all;
13 
14 }

 

 


 

posted @ 2017-11-16 15:35  猎手结缘  阅读(148)  评论(0编辑  收藏  举报