原创文章,转载请指明出处并保留原文url地址
本文主要针对nginx的ngx_http_access_module模块做简单介绍,本文具体包括如下指令:
allow,deny
ngx_http_access_module模块可以限制某些客户端IP地址的访问。
ngx_http_access_module模块可以针对某些ip的客户端访问进行允许或者禁止。
存取也可以通过密码进行限制。基于地址及密码的限制也可以同时使用。
Example Configuration
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
匹配规则被依次进行检验直到第一个匹配的规则为止(后续的应该就没有效果了, 这个特点我没有去检验)。在上面的例子中,只有 IPv4 networks 10.1.1.0/16被允许, 192.168.1.0/24网络中除192.168.1.1意外的地址被允许, IPv6 network 2001:0db8::/32网络被允许,其他的全部都被禁止。在的特定的规则的情况下,ngx_http_geo_module模块变量的使用是优选的。
Nginx原文:
Module ngx_http_access_module
The ngx_http_access_module module allows to limit access to certain client IP addresses.
Access can also be limited by password. Simultaneous limitation of access by address and by password is controlled by the satisfy directive.
Example Configuration
location / {
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
The rules are checked in sequence until the first match is found. In this example, an access is allowed only for IPv4 networks 10.1.1.0/16 and 192.168.1.0/24 excluding the address 192.168.1.1, and for IPv6 network 2001:0db8::/32. In case of a lot of rules, the use of the ngx_http_geo_module module variables is preferable.
1. allow
syntax:
| allow address| CIDR | all;
|
default:
| —
|
context:
| http, server, location, limit_except
|
允许特定的网络或者ip进行访问
Nginx原文:
Allows access for the specified network or address.
2. deny
syntax:
| deny address| CIDR | all;
|
default:
| —
|
context:
| http, server, location, limit_except
|
允许特定的网络或者ip进行访问
Nginx原文:
Denies access for the specified network or address.
