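nginx access control based on $document_uri
1). Access control feature:
This uses the variable $document_uri. As covered earlier, this variable is equivalent to $uri, and matching on it is in effect equivalent to location matching.
2). Access control examples:
Example 1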
if ($document_uri ~ "/admin/")
{
return 403;
}
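Explanation: when the request URI contains /admin/, 403 is returned directly. Note: allow and deny cannot be used inside an if block.
Test links:
1. www.1.com/admin/1.html matches
2. www.1.com/123/admin/1.html matches
3. www.1.com/admin123/1.html does not match
4. www.1.com/admin.php does not match
Example 2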
if ($document_uri ~ "^/admin/")
{
return 403;
}
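Explanation: when the request URI begins with /admin/, 403 is returned directly. Note: allow and deny cannot be used inside an if block.
Test links:
1. www.1.com/admin/1.html matches
2. www.1.com/123/admin/1.html does not match
3. www.1.com/admin123/1.html does not match
4. www.1.com/admin.php does not match
Example 3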
if ($document_uri = /admin.php)
{
return 403;
}
Explanation: when the request URI is exactly /admin.php, status code 403 is returned.
Test links:
1. www.1.com/admin.php matches
2. www.1.com/123/admin.php does not match
Example 4
if ($document_uri ~ '/data/|/cache/.*\.php$')
{
return 403;
}
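Explanation: the rule is meant to return status code 403 when the request URI is in the data or cache directory and is a PHP file. As written, the | separates the whole pattern into two alternatives, so the \.php$ suffix applies only to the /cache/ branch, and any URI containing /data/ matches regardless of extension.
Test links:
1. www.1.com/data/123.php matches
2. www.1.com/cache1/123.php does not match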
3). Access control examples in detail:
Example 1 $document_uri ~ "/admin/"
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
if ($document_uri ~ "/admin/")
{
return 403;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
Matches:
[root@localhost ~]# curl www.1.com/admin/1.html
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/123/admin/1.html
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Does not match:
[root@localhost ~]# curl www.1.com/admin123/1.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Example 2 $document_uri ~ "^/admin/"
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
if ($document_uri ~ "^/admin/")
{
return 403;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
Matches:
[root@localhost ~]# curl www.1.com/admin/1.html
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Does not match:
[root@localhost ~]# curl www.1.com/123/admin/1.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/admin123/1.html
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/admin.php
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Example 3 $document_uri = /admin.php
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
if ($document_uri = /admin.php)
{
return 403;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl www.1.com/admin.php # matches
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/123/admin.php # does not match
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Example 4 $document_uri ~ '/data/|/cache/.*\.php$'
Matches:
[root@localhost ~]# cat /usr/local/nginx/conf/vhost/www.1.conf
server{
listen 80;
server_name www.1.com;
root /data/wwwroot/www.1.com;
index index.html;
if ($document_uri ~ '/data/|/cache/.*\.php$')
{
return 403;
}
}
[root@localhost ~]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost ~]# curl www.1.com/data/123.php
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
[root@localhost ~]# curl www.1.com/cache/123.php
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
Does not match:
[root@localhost ~]# curl www.1.com/cache1/123.php
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.15.9</center>
</body>
</html>
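The match results above can be checked offline before a rule is reloaded into nginx. The following Python script is an added example, not part of the original page or the referenced repository; it evaluates the four `if` conditions against the page's test paths. Assumptions: Python's re.search stands in for nginx's PCRE match on these simple patterns, and the names RULES, SAMPLE_URIS, would_block, decision_table, the example4_grouped pattern and the two non-PHP sample paths are introduced here.

```python
import re

# The `if` conditions from Examples 1-4: name -> (operator, operand).
RULES = {
    "example1": ("~", r"/admin/"),
    "example2": ("~", r"^/admin/"),
    "example3": ("=", "/admin.php"),
    "example4": ("~", r"/data/|/cache/.*\.php$"),
    # Assumption, not from the original page: grouping makes the .php$
    # suffix apply to both directories instead of only to /cache/.
    "example4_grouped": ("~", r"/(data|cache)/.*\.php$"),
}

# Constructed sample paths: the page's test links (host stripped, since
# $document_uri holds only the path) plus two added non-PHP paths.
SAMPLE_URIS = [
    "/admin/1.html", "/123/admin/1.html", "/admin123/1.html",
    "/admin.php", "/123/admin.php", "/data/123.php", "/cache/123.php",
    "/cache1/123.php", "/data/readme.txt", "/cache/logo.png",
]


def would_block(rule, uri):
    """True if the rule's `if` condition holds, i.e. nginx returns 403.

    `~` is an unanchored, case-sensitive regex search; `=` is an exact
    string comparison. Python's re is assumed equivalent to PCRE here.
    """
    op, operand = RULES[rule]
    if op == "=":
        return uri == operand
    if op == "~":
        return re.search(operand, uri) is not None
    raise ValueError(f"unsupported operator: {op}")


def decision_table(uris=SAMPLE_URIS):
    """Map each URI to the list of rules that would answer 403."""
    return {u: [r for r in RULES if would_block(r, u)] for u in uris}


if __name__ == "__main__":
    for uri, hits in decision_table().items():
        print(f"{uri:<20} 403 from: {', '.join(hits) or 'none'}")
```

In the printed table, example4 answers 403 for /data/readme.txt while example4_grouped does not, because `|` has the lowest precedence in the pattern.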
Reference link for $document_uri access control: https://github.com/aminglinux/nginx/blob/master/access/document_uri.md