只允许固定ip访问网站,并加上密码
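# Restrict the site to a fixed set of client addresses and additionally
# require HTTP Basic authentication.
server {
    listen 80;
    server_name 192.168.253.156;

    location / {
        root /opt/htdocs/www;

        # Address allow-list. Rules are checked in order and the first match
        # wins, so "deny all" must stay last.
        # allow/deny compare against the connecting peer address; if this
        # server is placed behind a reverse proxy, that peer is the proxy,
        # not the end user.
        allow 208.97.167.194;
        allow 222.33.1.2;
        allow 231.152.49.4;
        deny all;

        # No "satisfy" directive is set, so the default ("all") applies:
        # a request must pass BOTH the address check and the password check.
        # The realm uses plain ASCII double quotes; the typographic quotes in
        # the original would have become part of the realm string.
        auth_basic "C1G_ADMIN";

        # NOTE(review): a relative path is resolved by nginx against its own
        # directories, not against the document root - confirm where the file
        # lives and keep it outside /opt/htdocs/www.
        auth_basic_user_file htpasswd;

        # NOTE(review): this listener is plain HTTP on port 80. Basic
        # credentials are only base64-encoded, so serve this location over
        # TLS if the path between client and server is not trusted.
    }
}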
功能说明:
- 当 $http_x_forwarded_for 为空或为'-'时(没有代理服务器,或代理未配置 $http_x_forwarded_for),$Realip 为 $remote_addr(客户端真实IP),然后判断 $Realip 的访问权限。
- 当 $http_x_forwarded_for 有一个或者多个IP时,$Realip 为 $http_x_forwarded_for 的第一个IP(客户端真实IP),然后判断 $Realip 的访问权限。
注意:$http_x_forwarded_for 来自请求头,其第一个IP只有在最外层可信代理覆盖或清理该请求头时才可靠。
配置 http_x_forwarded_for:在代理服务器上添加
# $proxy_add_x_forwarded_for is the X-Forwarded-For header received from the
# client with $remote_addr appended (or just $remote_addr when the client sent
# no such header). Entries to the left of the appended one are therefore
# supplied by the client and are not verified by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
代理服务器配置
# Front proxy: forwards every request to the backend at 192.168.253.156 and
# passes the client address along in X-Forwarded-For.
server {
listen 80;
server_name 192.168.253.155;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
proxy_pass http://192.168.253.156;
# Appends $remote_addr to whatever X-Forwarded-For value the client sent;
# the existing value is kept, not replaced.
# NOTE(review): if this is the outermost proxy, setting the header to
# $remote_addr alone would discard client-supplied entries, so the backend
# only ever sees an address this proxy observed itself - confirm the topology.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
# Backend: derives $Realip from X-Forwarded-For (falling back to the peer
# address), answers 403 unless $Realip is on the allow-list, and otherwise
# returns $Realip as the response body.
server {
listen 80;
server_name 192.168.253.156;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
# Default: the address of the directly connected peer.
set $Realip $remote_addr;
# If the header contains a dotted-quad, take the first one. The pattern is
# unanchored and does not range-check the octets.
# NOTE(review): X-Forwarded-For is a request header. Its first entry is
# only trustworthy when every request reaches this server through a proxy
# that overwrites or sanitises the header; as written, the header is honoured
# regardless of which peer sent it. Consider accepting it only from the
# proxy's address, e.g. via ngx_http_realip_module (set_real_ip_from,
# real_ip_header, real_ip_recursive) combined with allow/deny.
if ( $http_x_forwarded_for ~ (\d+\.\d+\.\d+\.\d+)(.*) ) {
set $Realip $1;
#if ( $http_x_forwarded_for ~ (\d+)\.(\d+)\.(\d+)\.(\d+),(.*) ) {
# set $Realip $1.$2.$3.$4;
}
# Return 403 when the address derived above is not one of the IPs below.
set $accessip false;
if ( $Realip = '172.20.1.1' ) {set $accessip true;}
#if ( $Realip = '192.168.253.1' ) {set $accessip true;}
# NOTE(review): if the prefix match below is re-enabled, anchor it and escape
# the dots (^192\.168\.253\.), otherwise it matches anywhere in the value.
#if ( $Realip ~* '192.168.253.' ) {set $accessip true;}
if ( $accessip = 'false') {return 403;}
# Demo response: echoes the address that passed the check.
add_header Content-Type 'text/html; charset=utf-8';
return 200 "$Realip";
#root /usr/share/nginx/html;
#index index.html index.htm;
}
}
#被拒绝
{
"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36",
"status":"403",
"host":"192.168.253.156",
"hostname":"cem-gateway3",
"method":"GET",
"request_uri":"/",
"port":"36314",
"protocol":"HTTP/1.0",
"real_ip":"192.168.253.1, 192.168.253.155",
"referer":"-",
"remote":"192.168.253.156",
"request_length":"506",
"request_time":0,
"scheme":"http",
"server_addr":"172.20.1.4",
"size":555,
"time":"2021-09-25T16:00:21+00:00",
"upstream_addr":"-",
"upstream_response_time":"-",
"upstream_status":"-",
"uri":"/",
"user":"-"
}
#被允许
{
"agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36",
"status":"200",
"host":"192.168.253.156",
"hostname":"cem-gateway3",
"method":"GET",
"request_uri":"/",
"port":"36316",
"protocol":"HTTP/1.0",
"real_ip":"192.168.253.1, 192.168.253.155",
"referer":"-",
"remote":"192.168.253.156",
"request_length":"506",
"request_time":0,
"scheme":"http",
"server_addr":"172.20.1.4",
"size":13,
"time":"2021-09-25T16:03:04+00:00",
"upstream_addr":"-",
"upstream_response_time":"-",
"upstream_status":"-",
"uri":"/",
"user":"-"
}