Nginx的访问控制_access_module配置语法和原理
1、http_access_module详解
(1)http_access_module作用
--with-http_access_module:基于IP的访问控制
官网解释:
The ngx_http_access_module module allows limiting access to certain client addresses.
Access can also be limited by password, by the result of subrequest, or by JWT. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.
(2)举例
allow和deny需要配合使用
location / { deny 192.168.1.1; allow 192.168.1.0/24; allow 10.1.1.0/16; allow 2001:0db8::/32; deny all;}参数解释:
The rules are checked in sequence until the first match is found. In this example, access is allowed only for IPv4 networks 10.1.1.0/16 and 192.168.1.0/24 excluding the address 192.168.1.1, and for IPv6 network 2001:0db8::/32. In case of a lot of rules, the use of the ngx_http_geo_module module variables is preferable.
2、access语法
(1)allow语法
| Syntax: | allow address | CIDR | unix: | all; |
| Default: | — |
| Context: | http,server,location,limit_except |
语法解释:
allow address | CIDR | unix: | all;
address:ip地址
CIDR:ip网段。即CIDR表示方法:IP地址/网络ID的位数,比如192.168.23.35/21,其中用21位表示网络ID。
unix:sockets
all:所有
Allows access for the specified network or address. If the special value unix: is specified (1.5.1), allows access for all UNIX-domain sockets.
(2)deny语法
| Syntax: | deny address | CIDR | unix: | all; |
| Default: | — |
| Context: | http,server,location,limit_except |
语法解释:
allow address | CIDR | unix: | all;
address:ip地址
CIDR:ip网段。即CIDR表示方法:IP地址/网络ID的位数,比如192.168.23.35/21,其中用21位表示网络ID。
unix:sockets
all:所有
Denies access for the specified network or address. If the special value unix: is specified (1.5.1), denies access for all UNIX-domain sockets.
3、access配置
(1)使用http://www.ip138.com/查询本地公网ip
(2)allow和deny配置
(3)验证allow和deny配置是否生效
本地电脑公网是可以访问的:
用手机热点wifi测试、本地代理、腾讯云服务器、阿里云服务器等都可以测试(只要跟刚才的公网不一样就行)
手机热点wifi测试:
阿里云公网测试:
腾讯云公网测试:
459
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
