LNMP - nginx访问控制
为了限制某些用户或者IP等访问网站 而设置的访问控制权限1、修改虚拟主机配置文件
# vim /usr/local/nginx/conf/vhosts/test.conf
server
{
listen 80;
server_name www.test.com www.aaa.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
location ~ .*admin\.php$ {
#auth_basic "caimz auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|gz|bz2)$
{
access_log off;
expires 15d;
valid_referers none blocked *.test.com *.aaa.com *.aminglinux.com;
if ($invalid_referer)
{
return 403;
}
}
location ~ \.(js|css)
{
access_log off;
expires 2h;
}
location ~ (static|cache)
{
access_log off;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi1.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
}
且设置的是admin.php这个网站的访问权限。
2、检测配置文件正确性
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
3、重新加载nginx的配置文件
# /usr/local/nginx/sbin/nginx -s reload
4、测试
# curl -x127.0.0.1:80 www.test.com/admin.php -I#本机测试OK。
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 10:09:18 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.6.6
Set-Cookie: 7HV5_2132_saltkey=tc77ozPa; expires=Tue, 24-Nov-2015 10:09:18 GMT; Max-Age=2592000; path=/; httponly
Set-Cookie: 7HV5_2132_lastvisit=1445764158; expires=Tue, 24-Nov-2015 10:09:18 GMT; Max-Age=2592000; path=/
Set-Cookie: 7HV5_2132_sid=FVUuVD; expires=Mon, 26-Oct-2015 10:09:18 GMT; Max-Age=86400; path=/
Set-Cookie: 7HV5_2132_lastact=1445767758%09admin.php%09; expires=Mon, 26-Oct-2015 10:09:18 GMT; Max-Age=86400; path=/
我笔记本直接访问虚拟机
(虚拟机是安装在我笔记本上的,虚拟机的IP:192.168.0.103 我笔记本的IP:192.168.0.106)
显示403,也就是我笔记本访问的admin.php的时候显示403,因为来源IP不是本机(虚拟机)是我的笔记本所以拒绝了。
访问网站下其他网页
测试OK的,因为我没对其做限制。
a、设置全局权限
设置完以后检查配置文件和重新加载配置文件
# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
# /usr/local/nginx/sbin/nginx -s reload
然后我本地访问
# curl -x127.0.0.1:80 www.test.com/forum.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 10:30:35 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
出现了403.因为我设置了本地访问,所以拒绝了。
b、我笔记本访问
出现了403,因为我的笔记本是在192.168.0.0网段内,所以访问的时候拒绝了,显示403.
页:
[1]