Example of Nginx setting the whitelist through the geo module
- 2020-05-17 07:47:19
- OfStack
The original configuration:
http {
......
limit_conn_zone $binary_remote_addr zone=one:10m;
limit_req_zone $binary_remote_addr zone=fifa:10m rate=5r/s;
......
server {
......
limit_conn one 5;
limit_req zone=fifa burst=100;
......
}}
Whitelist configuration:
http {
......
geo $whiteiplist {
default 1;
127.0.0.1 0;
10.10.0.0/24 0;
}
map $whiteiplist $limit {
1 $binary_remote_addr;
0 "";
}
limit_conn_zone $limit zone=one:10m;
limit_req_zone $limit zone=fifa:10m rate=5r/s;
......
server {
......
limit_conn one 5;
limit_req zone=fifa burst=100;
......
}}
Description:
The geo directive defines a whitelist of $whiteiplist, with a default value of 1, all restricted. If the client IP matches IP listed in the whitelist, the value of $whiteiplist is 0, so it is unrestricted.
The map directive maps the $whiteiplist value of 1, that is, the restricted IP, to the client IP. The whitelist IP, which maps the $whiteiplist value to 0, maps to an empty string.
The limit_conn_zone and limit_req_zone directives will be ignored if the key is null, leaving no restriction on the listed IP.