Nginx - 封鎖IP
# vi /usr/local/nginx/conf/nginx.conf
http {
include blockips.conf;
..........
以下省略# vi /usr/local/nginx/conf/blockips.conf
allow 192.168.11.2; //用法: deny|allow {IP或整個網段}
deny 192.168.11.0/24;
http {
include blockips.conf;
..........
以下省略# vi /usr/local/nginx/conf/blockips.conf
allow 192.168.11.2; //用法: deny|allow {IP或整個網段}
deny 192.168.11.0/24;
# service nginx restart
只allow 192.168.11.2; 其餘都deny; 注意:rule是由上至下比對,只要符合就不會再往下比, 如果將剛例子,先192.168.11.0/24 然後是192.168.11.2的話,是被deny 的.
可以直接用include方式;也可以直接在 location 上作限制; 例如
location / {
root html;
index index.html index.htm;
deny 192.168.11.2;
allow all; }
因被限制的client會被回應一個code 403;表示不能存取, 故我們最好再對403頁面客製化, 以免太多資料被知道!!!
# vi /usr/local/nginx/conf/nginx.conf
error_page 403 /error_403.html;
location = /error_403.html {
root html;
allow all;
}
# vi /usr/local/nginx/html/error_403.html
<html>
<head><title>Error 403 - IP Address Blocked</title></head>
<body>
Your IP Address is blocked. If you this an error, please contact webmaster with your IP at[email protected]
</body>
</html>
# service nginx restart