Nginx实现基于ip的访问控制功能:(Ngx_http_access_module)
官方文档:http://nginx.org/en/docs/http/ngx_http_access_module.html
官方示例:
The ngx_http_access_module module allows limiting access to certain client addresses.限定资源只被指定的客户端访问。
Example Configuration:
location / {
deny 192.168.1.1; #自上而下检测,匹配范围小的在上面
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
| Syntax: | allow |
|---|---|
| Default: | — |
| Context: | http, server, location, limit_except |
| Syntax: | deny |
|---|---|
| Default: | — |
| Context: | http, server, location, limit_except |
Context:适用配置段
演示环境:
Server:192.168.47.140 Client1:192.168.47.137 Client2:192.168.47.138 [[email protected] ~]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [[email protected] ~]# uname -r 3.10.0-327.el7.x86_64 [[email protected] ~]# nginx -V nginx version: nginx/1.10.2 ......
相关配置:
#Server配置:
[[email protected] ~]# cat /data/html/server/index.html
<h1>192.168.47.140</h1>
[[email protected] ~]# vim /etc/nginx/conf.d/Vhost.conf
server {
listen 80;
location /server/ {
root /data/html/;
allow 192.168.47.137; #设定允许192.168.47.137
deny all; #拒绝所有
}
}
[[email protected] ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[[email protected] ~]# nginx -s reload
#测试:
#Client(192.168.47.137)访问:
[[email protected] ~]# ifconfig eno16777736 | grep "inet[[:space:]]" | sed ‘s/^.*et //g‘ | sed ‘s/netmask.*$//g‘
192.168.47.137
[[email protected] ~]# curl http://192.168.47.140:/server/
<h1>192.168.47.140</h1>
#Client(192.168.47.138)访问:
[[email protected] ~]# ifconfig eno16777736 | grep "inet[[:space:]]" | sed ‘s/^.*et //g‘ | sed ‘s/netmask.*$//g‘
192.168.47.138
[[email protected] ~]# curl http://192.168.47.140:/server/
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center> #403 Forbidden权限拒绝。
<hr><center>nginx/1.10.2</center>
</body>
</html>
时间: 2024-10-28 17:06:06