{"id":404,"date":"2015-04-21T21:28:57","date_gmt":"2015-04-21T13:28:57","guid":{"rendered":"http:\/\/www.ipcpu.com\/?p=404"},"modified":"2015-04-21T21:28:57","modified_gmt":"2015-04-21T13:28:57","slug":"nginx-access-control","status":"publish","type":"post","link":"https:\/\/c.ipcpu.com\/2015\/04\/nginx-access-control\/","title":{"rendered":"nginx\u8bbf\u95ee\u63a7\u5236Access Control\u7684\u95ee\u9898"},"content":{"rendered":"

\u5bfc\u8bba<\/h3>\n

\u5728nginx\u4e2d\u4f7f\u7528allow\u548cdeny\u505aAccess Control\u8bbf\u95ee\u63a7\u5236\u65f6\uff0c\u6709\u65f6\u4f1a\u51fa\u73b0\u4e0d\u751f\u6548\u7684\u95ee\u9898\u3002<\/p>\n

\u6240\u4ee5\u6211\u4eec\u7528\u5b9e\u9a8c\u6765\u9a8c\u8bc1\u4e0b<\/p>\n

nginx\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n

  1. server <\/span>{<\/span><\/code><\/li>
  2.     listen <\/span>80<\/span>  <\/span>;<\/span><\/code><\/li>
  3.     server_name     kibana<\/span>.<\/span>ipcpu<\/span>.<\/span>com<\/span>;<\/span><\/code><\/li>
  4.     index index<\/span>.<\/span>html index<\/span>.<\/span>htm index<\/span>.<\/span>php<\/span>;<\/span><\/code><\/li>
  5.     <\/span>#deny bad ip<\/span><\/code><\/li>
  6.     deny <\/span>211.81<\/span>.<\/span>175.6<\/span>;<\/span>    <\/span><\/code><\/li>
  7. <\/code><\/li>
  8.     location <\/span>\/<\/span>nginxacc <\/span>{<\/span><\/code><\/li>
  9.         root     <\/span>\/<\/span>home<\/span>\/<\/span>htdocs<\/span>\/<\/span>kibana<\/span>;<\/span><\/code><\/li>
  10.         <\/span>#deny bad ip<\/span><\/code><\/li>
  11.         deny <\/span>211.81<\/span>.<\/span>175.8<\/span>;<\/span><\/code><\/li>
  12.     <\/span>}<\/span><\/code><\/li>
  13. <\/code><\/li>
  14.     location <\/span>\/<\/span> <\/span>{<\/span> <\/span><\/code><\/li>
  15.         root     <\/span>\/<\/span>home<\/span>\/<\/span>htdocs<\/span>\/<\/span>kibana<\/span>;<\/span><\/code><\/li>
  16.     <\/span>}<\/span><\/code><\/li>
  17. }<\/span><\/code><\/li><\/ol><\/pre>\n
    \u6211\u4eec\u7684\u9884\u671f\u7ed3\u679c\u662fIP211.81.175.6\u5168\u7ad9\u4e0d\u5141\u8bb8\u8bbf\u95ee\uff0cIP211.81.175.8\u4e0d\u5141\u8bb8\u8bbf\u95eenginxacc\u76ee\u5f55\u3002<\/p>\n
    \u6d4b\u8bd5<\/h3>\n
    \u5206\u522b\u8bbf\u95ee\u57df\u540d\u6839\u76ee\u5f55<\/p>\n
    1. [<\/span>root@BJZW<\/span>-<\/span>175<\/span>-<\/span>8<\/span> <\/span>~]<\/span>$curl <\/span>-<\/span>o <\/span>\/<\/span>dev<\/span>\/<\/span>null<\/span> <\/span>-<\/span>s <\/span>-<\/span>w <\/span>%{<\/span>http_code<\/span>}<\/span> http<\/span>:<\/span>\/\/kibana.ipcpu.com\/<\/span><\/code><\/li>
    2. 200<\/span><\/code><\/li>
    3. #<\/span><\/code><\/li>
    4. [<\/span>root@BJZW<\/span>-<\/span>175<\/span>-<\/span>6<\/span> <\/span>~]#<\/span>curl <\/span>-<\/span>o <\/span>\/<\/span>dev<\/span>\/<\/span>null<\/span> <\/span>-<\/span>s <\/span>-<\/span>w <\/span>%{<\/span>http_code<\/span>}<\/span> http<\/span>:<\/span>\/\/kibana.ipcpu.com\/<\/span><\/code><\/li>
    5. 403<\/span><\/code><\/li><\/ol><\/pre>\n
      \u6d4b\u8bd5\u7ed3\u679c211.81.175.8\u53ef\u4ee5\u8bbf\u95ee\uff0c211.81.175.6\u4e0d\u80fd\u8bbf\u95ee\u3002\u7b26\u5408\u9884\u671f\u7ed3\u679c\u3002<\/strong><\/p>\n
      \u5206\u522b\u8bbf\u95ee\u57df\u540dnginxacc\u76ee\u5f55<\/p>\n
      1. [<\/span>root@BJZW<\/span>-<\/span>175<\/span>-<\/span>8<\/span> <\/span>~]<\/span>$curl <\/span>-<\/span>o <\/span>\/<\/span>dev<\/span>\/<\/span>null<\/span> <\/span>-<\/span>s <\/span>-<\/span>w <\/span>%{<\/span>http_code<\/span>}<\/span> http<\/span>:<\/span>\/\/kibana.ipcpu.com\/nginxacc\/<\/span><\/code><\/li>
      2. 403<\/span><\/code><\/li>
      3. #<\/span><\/code><\/li>
      4. [<\/span>root@BJZW<\/span>-<\/span>175<\/span>-<\/span>6<\/span> <\/span>~]#<\/span>curl <\/span>-<\/span>o <\/span>\/<\/span>dev<\/span>\/<\/span>null<\/span> <\/span>-<\/span>s <\/span>-<\/span>w <\/span>%{<\/span>http_code<\/span>}<\/span> http<\/span>:<\/span>\/\/kibana.ipcpu.com\/nginxacc\/<\/span><\/code><\/li>
      5. 200<\/span><\/code><\/li><\/ol><\/pre>\n
        \u6d4b\u8bd5\u7ed3\u679c211.81.175.8\u4e0d\u80fd\u8bbf\u95ee\uff0c211.81.175.6\u53ef\u4ee5\u8bbf\u95ee\u3002\u4e0d\u7b26\u5408\u9884\u671f\u7ed3\u679c<\/strong>\u3002<\/p>\n
        \u89e3\u91ca<\/h3>\n
        \u4e0a\u4e0b\u7ea7\u6982\u5ff5\uff1a\u4e0a\u4e00\u7ea7\u4e0e\u4e0b\u4e00\u7ea7\u662f\u4e00\u4e2a\u76f8\u5bf9\u6982\u5ff5\uff0chttp\u76f8\u5bf9server\u4e3a\u4e0a\u4e00\u7ea7\uff0cserver\u4e3ahttp\u4e0b\u4e00\u7ea7\uff1bserver\u76f8\u5bf9location\u4e3a\u4e0a\u4e00\u7ea7\uff0clocation\u4e3aserver\u4e0b\u4e00\u7ea7\u3002<\/p>\n
        \u5982\u679c\u5f53\u524dACL(child->rules)\u4e3a\u7a7a\uff0c\u5219\u7ee7\u627f\u4e0a\u4e00\u7ea7\u7684ACL(parent->rules)\u3002<\/p>\n
        \u5982\u679c\u5f53\u524d\u7ea7\u522b\u4e2d\u5b9a\u4e49\u8fc7ACL\u4e4b\u540e\uff0c\u4e0d\u4f1a\u4e0e\u4e0a\u4e00\u7ea7\u7684ACL\u8fdb\u884c\u5217\u8868\u5408\u5e76\uff0c\u53ea\u6709\u5f53\u524d\u5217\u8868\u751f\u6548\u3002<\/strong><\/p>\n
        nginx\u6e90\u4ee3\u7801 src\/http\/modules\/ngx_http_access_module.c \u4e2d\u7684 ngx_http_access_merge_loc_conf \u51fd\u6570\u6709\u76f8\u5173\u5b9a\u4e49\u3002<\/p>\n
        \u53c2\u8003\u6587\u7ae0<\/h3>\n
        http:\/\/blog.liulantao.com\/blog\/2014\/2014-06-05-nginx-access-control-with-allow-deny.html<\/a><\/p>\n
        \u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aIPCPU-\u7f51\u7edc\u4e4b\u8def<\/a> » nginx\u8bbf\u95ee\u63a7\u5236Access Control\u7684\u95ee\u9898<\/a><\/p>","protected":false},"excerpt":{"rendered":"
        \u5bfc\u8bba \u5728nginx\u4e2d\u4f7f\u7528allow\u548cdeny\u505aAccess Control\u8bbf\u95ee\u63a7\u5236\u65f6\uff0c\u6709\u65f6\u4f1a\u51fa\u73b0\u4e0d\u751f\u6548\u7684\u95ee\u9898\u3002 \u6240\u4ee5\u6211\u4eec\u7528\u5b9e\u9a8c\u6765\u9a8c\u8bc1\u4e0b nginx\u914d\u7f6e\u5982\u4e0b\uff1a server { listen 80 ; server_name kibana.ipcpu.com; index index.html index.htm index.php; #deny bad ip deny 211.81.175.6; location \/nginxacc { root \/home\/htdocs\/kibana; #deny bad ip deny 211.81.175.8; } location \/ { root \/home\/htdocs\/kibana; }} \u6211\u4eec\u7684\u9884\u671f\u7ed3\u679c\u662fIP211.81.175.6\u5168\u7ad9\u4e0d\u5141\u8bb8\u8bbf\u95ee\uff0cIP211.81.175.8\u4e0d\u5141\u8bb8\u8bbf\u95eenginxacc\u76ee\u5f55\u3002 \u6d4b\u8bd5 \u5206\u522b\u8bbf\u95ee\u57df\u540d\u6839\u76ee\u5f55 [root@BJZW-175-8 ~]$curl -o \/dev\/null -s -w %{http_code} http:\/\/kibana.ipcpu.com\/200#[root@BJZW-175-6 ~]#curl -o \/dev\/null -s -w %{http_code} […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[13,6],"tags":[14,15,16],"_links":{"self":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/404"}],"collection":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/comments?post=404"}],"version-history":[{"count":0,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/404\/revisions"}],"wp:attachment":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/media?parent=404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/categories?post=404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/tags?post=404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}