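nginx access control based on location
1) Use case:
In production we often need to restrict certain special requests, for example limiting access to a site's admin backend. This is done with location blocks.
2) Examples:
Example 1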
location /aming/
{
deny all;
}
Note: all access to the /aming/ directory is denied. Here deny all can be replaced with return 403.
Example 2
location ~ ".bak|\.ht"
{
return 403;
}
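Note: any request whose URI contains .bak or .ht gets a 403 status code directly. Caution: the dot at the start of .bak is not escaped, so it matches any character, whereas \. matches only a literal dot.
Example 3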
location ~ (data|cache|tmp|image|attachment).*\.php$
{
deny all;
}
Note: requests whose URI contains data, cache, tmp, image or attachment and ends in .php are all denied.
3) Common examples in detail:
Example 1: match a directory and deny
[root@localhost ~]# cat /usr/local/nginx/conf/nginx.conf |grep vhost
include vhost/*.conf;
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
location /aming/
{
deny all;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl www.1.com/aming/xxx # denied
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/aming111/xxx # 404 here, but this is not a denial: the page simply does not exist; if it existed it would be served
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Example 2: deny when location ~ ".bak|\.ht" matches
[root@localhost ~]# cat /usr/local/nginx/conf/nginx.conf |grep vhost
include vhost/*.conf;
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
location ~ ".bak|\.ht"
{
return 403;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
Testing .bak: anything matching . (any character) followed by bak is denied:
[root@localhost ~]# curl www.1.com/.bakxxx/xxx
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/xbakxxx/xxx
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/zzbakxxx/xxx
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
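Testing \.ht (here the . stands for a literal dot only): only requests matching this rule are denied; others are not denied, and at most return 404 because the page does not exist.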
[root@localhost ~]# curl www.1.com/.htxxx/yyy
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
You have mail in /var/spool/mail/root
[root@localhost ~]# curl www.1.com/.ht/yyy
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/abht/yyy
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/aht/yyy
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Example 3: matching location ~ (data|cache|tmp|image|attachment).*\.php$
[root@localhost ~]# cat /usr/local/nginx/conf/nginx.conf |grep vhost
include vhost/*.conf;
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
location ~ (data|cache|tmp|image|attachment).*\.php$
{
deny all;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl www.1.com/dataxx.php
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/dataxxx.php
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/data/x.php
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/image/x.php
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
The following requests do not match the rule; they return 404 only because the page does not exist, and would be served if it did.
[root@localhost ~]# curl www.1.com/date/x.php
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/imgxx/x.php
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
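Added example (not from the original page or the referenced repository): a small audit that runs the regexes from Examples 2 and 3 against constructed URIs and compares them with tightened variants. The TIGHT patterns, the sample URIs and the intended allow/deny column are assumptions of this example (intent assumed: block backup files, .ht* files, and PHP under the five directories); Python's re.search stands in for nginx's unanchored, case-sensitive "~" match on the request path.

```python
import re

# Regexes copied from the page's "location ~" blocks.
PAGE = {"bak_ht": r".bak|\.ht",
        "php": r"(data|cache|tmp|image|attachment).*\.php$"}
# Tightened variants (assumption of this example, not from the page):
# literal dots, matches tied to a file suffix or a whole path segment.
TIGHT = {"bak_ht": r"\.bak$|/\.ht",
         "php": r"/(data|cache|tmp|image|attachment)/.*\.php$"}

# Constructed sample URIs: (uri, should_be_denied)
SAMPLES = [
    ("/index.html", False),          # "\.ht" also matches ".html"
    ("/shop/bakery.html", False),    # "/bak" satisfies ".bak"
    ("/xbakxxx/xxx", False),         # URI from the page's own curl test
    ("/site.conf.bak", True),
    ("/.htaccess", True),
    ("/admin/.htpasswd", True),
    ("/database/index.php", False),  # "data" is only a substring
    ("/dataxx.php", False),
    ("/data/x.php", True),
    ("/uploads/image/a.php", True),
    ("/date/x.php", False),
]


def denied(pattern, uri):
    """Unanchored, case-sensitive search, as a 'location ~' regex does."""
    return re.search(pattern, uri) is not None


def audit(rules):
    """Return sample URIs whose allow/deny result differs from the intent."""
    return [uri for uri, want in SAMPLES
            if any(denied(p, uri) for p in rules.values()) != want]


if __name__ == "__main__":
    print("page rules, unexpected results :", audit(PAGE))
    print("tight rules, unexpected results:", audit(TIGHT))
```

With the page's rule from Example 2 in place, /index.html itself is answered with 403 because \.ht matches inside .html; anchoring to /\.ht keeps .htaccess and .htpasswd blocked without touching ordinary pages.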
Reference: https://github.com/aminglinux/nginx/blob/master/access/location.md