nginx禁止访问实例及server配置详解
时间:2014-07-04 01:09 来源:linux.it.net.cn 作者:IT网
在nginx中实现禁止访问的例子,主要是介绍server配置段的相关内容
nginx配置要求:
只对外提供部分服务。
nginx.conf配置如下:
复制代码代码示例:
#www.it.net.cn
server {
listen 80;
server_name search.ext.it.net.cn keyword.it.net.cn;
index index.jsp;
root /opt/search2.5;
location /nginx_status {
stub_status on;
access_log off;
}
#特殊的规则放在最前面,只暴露这一个接口
location = /search {
proxy_next_upstream error timeout http_500 http_503;
proxy_pass http://resin3.0;
keepalive_timeout 30;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 15m;
client_body_buffer_size 128k;
proxy_connect_timeout 130;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
index index.jsp;
expires 1h;
allow all;
}
#通用规则
location ~* \.(jsp|do|html|gif|jpg|js|css|png)$ {
proxy_next_upstream error timeout http_500 http_503;
proxy_pass http://resin3.0;
keepalive_timeout 30;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 15m;
client_body_buffer_size 128k;
proxy_connect_timeout 130;
proxy_send_timeout 30;
proxy_read_timeout 30;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
index index.jsp;
expires 1h;
#禁止外网访问
allow 192.168.1.1/250;
allow 127.0.0.1/250;
#deny all;
}
location / {
#禁止外网访问
allow 192.168.1.1/250;
allow 127.0.0.1/250;
deny all;
root /opt/search2.5;
index index.jsp;
expires 60;
keepalive_timeout 60;
}
#对不以“/”结尾的目录,默认转发到带“/”的url
if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}
access_log logs/search.log main;
error_log logs/search_error.log;
error_page 403 /index.jsp;
error_page 404 /index.jsp;
}
(责任编辑:IT)
| 在nginx中实现禁止访问的例子,主要是介绍server配置段的相关内容
nginx配置要求:
nginx.conf配置如下:
复制代码代码示例:
#www.it.net.cn
(责任编辑:IT)server { listen 80; server_name search.ext.it.net.cn keyword.it.net.cn; index index.jsp; root /opt/search2.5; location /nginx_status { stub_status on; access_log off; } #特殊的规则放在最前面,只暴露这一个接口 location = /search { proxy_next_upstream error timeout http_500 http_503; proxy_pass http://resin3.0; keepalive_timeout 30; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 15m; client_body_buffer_size 128k; proxy_connect_timeout 130; proxy_send_timeout 30; proxy_read_timeout 30; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; index index.jsp; expires 1h; allow all; } #通用规则 location ~* \.(jsp|do|html|gif|jpg|js|css|png)$ { proxy_next_upstream error timeout http_500 http_503; proxy_pass http://resin3.0; keepalive_timeout 30; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 15m; client_body_buffer_size 128k; proxy_connect_timeout 130; proxy_send_timeout 30; proxy_read_timeout 30; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; index index.jsp; expires 1h; #禁止外网访问 allow 192.168.1.1/250; allow 127.0.0.1/250; #deny all; } location / { #禁止外网访问 allow 192.168.1.1/250; allow 127.0.0.1/250; deny all; root /opt/search2.5; index index.jsp; expires 60; keepalive_timeout 60; } #对不以“/”结尾的目录,默认转发到带“/”的url if (-d $request_filename){ rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent; } access_log logs/search.log main; error_log logs/search_error.log; error_page 403 /index.jsp; error_page 404 /index.jsp; } |