Of Stack

Nginx restricts IP from accessing certain pages

  • 2021-08-12 03:57:00
  • OfStack

1. To prevent all IP from accessing a1. htm a2. htm a3. htm, these three pages can be written as follows in location 


location ~* /(a1.htm|a2.htm|a3.htm)$ {
 deny all;
 condition ...... ;
}

2. Only the specified ip is allowed to access the three pages of a1. htm a2. htm a3. htm, and the access of other IP is denied 


location ~* /(a1.htm|a2.htm|a3.htm)$ {
 allow 10.0.0.2;
 deny all;
 condition ...... ;
}

Only hosts with ip address 10.0. 0.2 can play these three pages with this setting, and all other ip are rejected.

Other cases can be analogized.

For example, I need to specify that only 8.8. 8.8 ip can access the info. php page. Then you can add the following configuration in nginx-server

If the info. php page is accessed other than 8.8. 8.8, 403 is returned

The jump address needs to be added after it, proxy_pass http://192.168.1.110: 10480; Otherwise, a 404 error will occur. 


 location ~/info.php$ {

 if ($remote_addr != '8.8.8.8' ) {
 return 403;
 }
 proxy_pass http://192.168.1.110:10480;
 }
}

You can also add in the server code 


location ~/info.php$ {
 allow 8.8.8.8;
 deny all;
 condition ...... ;
}

1-like effect

How do you configure to disable ip or ip segments?

The following description assumes that the directory of nginx is in the/usr/local/nginx/

First, create a configuration file blockips. conf for ip, then vi blockips. conf edit this file and enter the ip to be sealed in the file. 


deny 1.2.3.4;
deny 91.212.45.0/24;
deny 91.212.65.0/24;

Then save this file and open the nginx. conf file and add the following 1 line configuration in the http configuration section:

include blockips.conf;

Save the nginx. conf file, and then test whether the current nginx configuration file is legal:

/usr/local/nginx/sbin/nginx -t

If there is no problem with the configuration, it will output:

the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/nginx/conf/nginx.conf test is successful

If there is a problem with the configuration, you need to check where there is a syntax problem. If there is no problem, you need to execute the following command to let nginx reload the configuration file.

/usr/local/nginx/sbin/nginx -s reload

Only certain ip are allowed to access the page, or certain ip are prohibited from accessing the page 


server_name es.mila66.com;
 location / {
 include /etx/nginx/all/ip.conf;
 deny all;

The file format inside ip. conf:

allow 192.168.1.11;
allow 192.168.1.12;

In this way, only some ip are allowed to access the page.

If some IP access is prohibited, you only need to modify it as follows: change allow to deny. 


server_name es.mila66.com;
 location / {
 include /etx/nginx/all/ip.conf;
 allow all;

File format in ip. conf:

deny 192.168.1.11;
deny 192.168.1.12;

nginx -s reload

Restart the server

Related articles: