禁止除了192.168.90.32外其他域名进行访问。
全局限制
http {
......
map $http_origin $allow_cros {
default 1;
"~^(https?://(192.168.90.32)(:[0-9]+)?)$" 1;
"~*" 0;
}
server {
......
if ($allow_cros = 0){
return 403;
}
location xxx {
proxy_pass xxxx
}
}
其中 ~^(https?://(192.168.90.32)(:[0-9]+)?)$
意为:允许http或https,192.168.90.32的所有端口
日志格式:重点为最后2个
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'proxy_host:"$proxy_host" http_host:"$http_host" host:"$host"'
'ups_addr:$upstream_addr req_time:"$request_time" ups_status:$upstream_status ups_resp_time:"$upstream_response_time"'
'cors:$allow_cros origin:$http_origin';
从日志看结果: