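Original article. When reposting, please credit the source and keep the original URL.
This article gives a brief introduction to nginx's ngx_http_geo_module module. It covers the following directive:
geo
The ngx_http_geo_module module creates variables whose values depend on the client IP address.
An example configuration: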
geo $geo {
default 0;
127.0.0.1 2;
192.168.1.0/24 1;
10.1.0.0/16 1;
::1 2;
2001:0db8::/32 1;
}
Original nginx text:
The ngx_http_geo_module module creates variables whose values depend on the client IP address.
Example Configuration
geo $geo {
default 0;
127.0.0.1 2;
192.168.1.0/24 1;
10.1.0.0/16 1;
::1 2;
2001:0db8::/32 1;
}
1. geo
syntax: geo [$address] $variable { ... }
default: —
context: http
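Describes how the values of the specified variable depend on the client IP address. By default the address is taken from the $remote_addr variable, but it can also be taken from another variable, for example: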
geo $arg_remote_addr $geo {
...;
}
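Since variables are evaluated only when they are used, even a large number of declared variables adds no extra cost to request processing.
If the value of the variable is not a valid IP address, the address “255.255.255.255” is used.
Addresses are specified either as prefixes in CIDR notation (including individual addresses) or as ranges (0.7.23).
IPv6 prefixes are supported starting from version 1.3.10.
The following special parameters are also supported:
delete
Deletes the specified network (0.7.23).
default
The value of the variable when the client address does not match any of the specified addresses. When addresses are specified in CIDR notation, “0.0.0.0/0” and “::/0” can be used instead of default. If default is not specified, the default value is an empty string.
include
Includes a file with addresses and values. There can be several inclusions.
proxy
Defines trusted addresses. When a request comes from a trusted address, the address from the “X-Forwarded-For” request header field is used instead. Unlike regular addresses, trusted addresses are checked sequentially.
Trusted IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.
proxy_recursive
Enables recursive address search. If recursive search is disabled, then instead of the original client address that matches one of the trusted addresses, the last address sent in “X-Forwarded-For” is used. If recursive search is enabled, then instead of the original client address that matches one of the trusted addresses, the last non-trusted address sent in “X-Forwarded-For” is used.
ranges
Indicates that addresses are specified as ranges. This parameter should come first. To speed up loading of the geo base, addresses should be listed in increasing order.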
Example:
geo $country {
default ZZ;
include conf/geo.conf;
delete 127.0.0.0/16;
proxy 192.168.100.0/24;
proxy 2001:0db8::/32;
127.0.0.0/24 US;
127.0.0.1/32 RU;
10.1.0.0/16 RU;
192.168.1.0/24 UK;
}
The conf/geo.conf file could contain the following lines:
10.2.0.0/16 RU;
192.168.2.0/24 RU;
The value of the most specific match is used. For example, for the address 127.0.0.1 the value “RU” is chosen, not “US”.
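The following is an added example, not code from nginx or from the original article: a small Python model of the proxy, proxy_recursive and most-specific-match rules described above, using the trusted networks and CIDR entries from the example geo block. The include and delete lines are left out, the function names are hypothetical, and the handling of an unparsable header entry is an assumption of this model.

```python
import ipaddress

# Constructed sample data, copied from the page's example geo block.
TRUSTED = ["192.168.100.0/24", "2001:0db8::/32"]      # the "proxy" lines
GEO = {"127.0.0.0/24": "US", "127.0.0.1/32": "RU",
       "10.1.0.0/16": "RU", "192.168.1.0/24": "UK"}
DEFAULT = "ZZ"


def is_trusted(addr):
    """True if addr falls inside one of the "proxy" networks."""
    return any(addr in ipaddress.ip_network(n) for n in TRUSTED)


def effective_address(remote_addr, xff="", recursive=False):
    """Address the geo lookup uses, per the proxy / proxy_recursive text."""
    addr = ipaddress.ip_address(remote_addr)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # X-Forwarded-For is consulted only while the current address is trusted.
    while hops and is_trusted(addr):
        try:
            addr = ipaddress.ip_address(hops.pop())   # walk right to left
        except ValueError:
            break   # assumption: unparsable entry, keep the last good address
        if not recursive:
            break   # non-recursive: the last entry is used as-is
    return addr


def geo_value(addr):
    """Most specific (longest prefix) match wins, otherwise the default."""
    hits = [(ipaddress.ip_network(n).prefixlen, v) for n, v in GEO.items()
            if addr in ipaddress.ip_network(n)]
    return max(hits)[1] if hits else DEFAULT


def country(remote_addr, xff="", recursive=False):
    return geo_value(effective_address(remote_addr, xff, recursive))


if __name__ == "__main__":
    chain = "10.1.2.3, 192.168.1.7, 192.168.100.9"    # constructed header value
    print(country("127.0.0.1"))                       # /32 beats /24
    print(country("203.0.113.9", "10.1.2.3"))         # untrusted peer: header ignored
    print(country("192.168.100.5", chain))            # last entry is itself a proxy
    print(country("192.168.100.5", chain, recursive=True))
```

In this model a header sent by a peer outside the proxy networks never changes the looked-up address, and with recursive search the leftmost entries, which a client can write freely, are never reached once a non-trusted address is found.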
Example with ranges:
geo $country {
ranges;
default ZZ;
127.0.0.0-127.0.0.0 US;
127.0.0.1-127.0.0.1 RU;
127.0.0.1-127.0.0.255 US;
10.1.0.0-10.1.255.255 RU;
192.168.1.0-192.168.1.255 UK;
}
Original nginx text:
Describes the dependency of values of the specified variable on the client IP address. By default an address is taken from the $remote_addr variable but it can also be taken from another variable (0.7.27), for example:
geo $arg_remote_addr $geo {
...;
}
Since variables are evaluated only when used, the mere existence of even a large number of declared “geo” variables does not incur any extra costs for request processing.
If the value of a variable does not represent a valid IP address then the “255.255.255.255” address is used.
Addresses are specified either as prefixes in CIDR notation (including individual addresses) or as ranges (0.7.23).
IPv6 prefixes are supported starting from version 1.3.10.
The following special parameters are also supported:
delete
deletes the specified network (0.7.23).
default
a value of variable if the client address does not match any of the specified addresses. When addresses are specified in CIDR notation, “0.0.0.0/0” and “::/0” can be used instead of default. When default is not specified, the default value will be an empty string.
include
includes a file with addresses and values. There can be several inclusions.
proxy
defines trusted addresses (0.8.7, 0.7.63). When a request comes from a trusted address, an address from the “X-Forwarded-For” request header field will be used instead. In contrast to the regular addresses, trusted addresses are checked sequentially.
Trusted IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.
proxy_recursive
enables recursive address search (1.3.0, 1.2.1). If recursive search is disabled then instead of an original client address that matches one of the trusted addresses, the last address sent in “X-Forwarded-For” will be used. If recursive search is enabled then instead an original client address that matches one of the trusted addresses, the last non-trusted address sent in “X-Forwarded-For” will be used.
ranges
indicates that addresses are specified as ranges (0.7.23). This parameter should be the first. To speed up loading of a geo base, addresses should be put in increasing order.
Example:
geo $country {
default ZZ;
include conf/geo.conf;
delete 127.0.0.0/16;
proxy 192.168.100.0/24;
proxy 2001:0db8::/32;
127.0.0.0/24 US;
127.0.0.1/32 RU;
10.1.0.0/16 RU;
192.168.1.0/24 UK;
}
The conf/geo.conf file could contain the following lines:
10.2.0.0/16 RU;
192.168.2.0/24 RU;
A value of the most specific match is used. For example, for the 127.0.0.1 address the value “RU” will be chosen, not “US”.
Example with ranges:
geo $country {
ranges;
default ZZ;
127.0.0.0-127.0.0.0 US;
127.0.0.1-127.0.0.1 RU;
127.0.0.1-127.0.0.255 US;
10.1.0.0-10.1.255.255 RU;
192.168.1.0-192.168.1.255 UK;
}