1. 使用正则匹配内网字段,示例中匹配合法ip,取非后为正则返回403;
location / {
if ($remote_addr !~* "^(192\\.168|172\\.(1[6-9]|2\\d|3[0,1]))(\\.(2[0-4]\\d|25[0-5]|[0,1]?\\d?\\d)){2}$|^10(\\.([2][0-4]\\d|25[0-5]|[0,1]?\\d?\\d)){3}$") {
return 403;
}
proxy_pass http://myapp1;
}
2. 修改nginx conf配置文件,指向403,重写nginx 403指向文件;
error_page 403 /reject.html;
location = /reject.html {
root html;
}
3. 在nginx的html文件夹下,新建reject.html文件
4. 新加过滤某些URL,直接进行转发,不受前面IP过滤
location ^~ /auth-console/{
proxy_pass http://myapp1;
}
注:放到前一个location设置,匹配规则即转发