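Restricting access by IP
- Whitelist control
Add the following to the virtual host configuration file (nginx checks the rules in order and stops at the first match, so deny all goes last):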
allow 127.0.0.1;
allow 192.168.1.0/24;
deny all;
Test:
[root@linux2019 conf.d]# curl -x127.0.0.1:80 -I bbs.aibenwoniu.xyz
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 02:41:04 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
[root@linux2019 conf.d]# curl -x192.168.85.129:80 -I bbs.aibenwoniu.xyz
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 02:41:55 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
- Blacklist control
Add the following to the virtual host configuration file:
deny 192.168.85.0/24;
Test:
[root@linux2019 conf.d]# curl -x192.168.85.129:80 -I bbs.aibenwoniu.xyz
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 02:46:04 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@linux2019 conf.d]# curl -x127.0.0.1:80 -I bbs.aibenwoniu.xyz
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 02:46:16 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/7.3.1
Restricting a specific directory
Add the following to the virtual host configuration file:
location /data/
{
allow 127.0.0.1;
allow 192.168.1.0/24;
deny all;
}
Test:
[root@linux2019 conf.d]# curl -x192.168.85.129:80 -I bbs.aibenwoniu.xyz/data/
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 02:57:17 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
[root@linux2019 conf.d]# curl -x127.0.0.1:80 -I bbs.aibenwoniu.xyz/data/
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 02:57:22 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 25 Jan 2019 07:58:54 GMT
Connection: keep-alive
ETag: "5c4ac1be-0"
Accept-Ranges: bytes
# Test access to other directories
[root@linux2019 conf.d]# curl -x127.0.0.1:80 -I bbs.aibenwoniu.xyz/config/
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 03:01:56 GMT
Content-Type: text/html
Content-Length: 1
Last-Modified: Fri, 25 Jan 2019 07:58:54 GMT
Connection: keep-alive
ETag: "5c4ac1be-1"
Accept-Ranges: bytes
Restricting a certain type of file under specific directories
Add the configuration:
location ~ .*(upload|image)/.*\.php$
{
deny all;
}
Test:
[root@linux2019 conf.d]# curl -x127.0.0.1:80 -I bbs.aibenwoniu.xyz/upload/abc.php
HTTP/1.1 403 Forbidden
Server: nginx/1.14.2
Date: Thu, 31 Jan 2019 03:16:29 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Restricting by user-agent
Add the configuration:
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato')
{
return 403;
}
Test:
[root@linux2019 conf.d]# curl -A 'test/spider/Tomato' -x127.0.0.1:80 -I bbs.aibenwoniu.xyz -v -e test-http-user-agent
* About to connect() to proxy 127.0.0.1 port 80 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> HEAD HTTP://bbs.aibenwoniu.xyz/ HTTP/1.1
> User-Agent: test/spider/Tomato
> Host: bbs.aibenwoniu.xyz
> Accept: */*
> Referer: test-http-user-agent
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Server: nginx/1.14.2
Server: nginx/1.14.2
< Date: Thu, 31 Jan 2019 03:44:24 GMT
Date: Thu, 31 Jan 2019 03:44:24 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 169
Content-Length: 169
< Connection: keep-alive
Connection: keep-alive
<
* Connection #0 to host 127.0.0.1 left intact
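PS: curl option reference
- -A: set the User-Agent
- -e: set the Referer
- -I: show only the header information
- -x: specify the IP and port of the server to send the request to (curl's proxy option)
- -v: show the details of the request process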
Restricting by URI
Add the configuration:
if ($request_uri ~ (abc|123))
{
return 404;
}
# Example: http://bbs.aibenwoniu.xyz/forum.php?mod=viewthread&tid=1&extra=page%3D1
# request_uri consists of document_uri plus args
# (bbs.aibenwoniu.xyz) host
# (forum.php) document_uri
# (mod=viewthread&tid=1&extra=page%3D1) args (the request parameters)