date: 2019-07-04 14:35:56
author: headsen chen
notice: 個人原創
1,在各域名(虛擬主機)的配置文件裡,用 geo 設置黑名單:
[root@pro-nginx:/usr/local/openresty/nginx/conf/sites]$cat www.ceshi.com.conf
# Blacklist lookup: $black becomes 1 when the client address falls in one of
# the listed networks or hosts. There is no "default" entry, so for every
# other client the variable is an empty string.
# The geo block only defines the variable. This listing does not show where
# $black is tested, so nothing is rejected until a server or location block
# checks it.
# The key is $remote_addr, the address of the directly connected peer. If a
# load balancer or CDN sits in front of nginx, every request carries the
# proxy's address unless the realip module (set_real_ip_from / real_ip_header)
# or the geo "proxy" directive is configured for the trusted proxies.
geo $remote_addr $black {
    121.35.3.0/24 1;
    121.35.2.0/24 1;
    121.35.1.0/24 1;
    121.35.0.0/24 1;
    112.97.63.0/24 1;
    112.97.50.0/24 1;
    211.101.18.214 1;
    124.232.148.90 1;
    118.193.154.149 1;
    140.240.23.99 1;
}

server {
    listen 80;
    listen 443 ssl;
    include ceshi-ssl-ev.conf;
    server_name www.ceshi.com;
    # (the listing stops here in the post; the rest of the server block is not shown)
2,在各域名的配置裡設置(寫在 location 匹配項裡面的 allow/deny 規則):
location / {
    # allow/deny rules are checked top to bottom and the first match wins,
    # so the single-host deny must stay above the allow for its /24.
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    # nginx masks the host bits here: this rule is applied as 10.1.0.0/16,
    # which is wider than "10.1.1.0" suggests, and nginx warns about the
    # meaningless low address bits when it loads the configuration.
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    # Everything that matched no rule above is rejected with 403.
    deny all;

    # Only requests that passed the rules above are forwarded to the backend.
    proxy_pass http://10.1.1.1:2000;
}
3,在Nginx的總入口(nginx.conf 的 http 區塊)上配置訪問ip限制,只有在白名單裡面的才可以訪問。注意:geo 區塊只負責定義 $whitelist 變量,真正的攔截還需要在 server 區塊裡判斷這個變量(見下面「分開寫」的例子)。
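[root@beta-usrv01:/usr/local/openresty/nginx/conf]$cat nginx.conf
user fmservice;
worker_processes auto;

events {
    worker_connections 102400;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server_names_hash_bucket_size 128;

    # X-Forwarded-For is logged for reference only. The header is supplied by
    # the client, so it must not be used for access decisions.
    log_format main '$remote_addr [$time_local] "$host" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '"$request_time:$upstream_response_time" $upstream_addr "$upstream_status" "$upstream_cache_status"';

    client_max_body_size 50m;

    gzip on;
    gzip_types text/plain application/javascript application/x-javascript text/xml text/css image/png image/jpg image/gif image/jpeg;
    gzip_vary off;

    # Whitelist lookup: $whitelist is 1 for the listed addresses and 0 for
    # everyone else (default 0 makes the list fail closed).
    # This block only defines the variable. Each server block still has to
    # test it, e.g. with: if ( $whitelist != 1 ) { return 403; }
    # The key is $remote_addr, the directly connected peer. Behind a load
    # balancer or CDN, configure the realip module (set_real_ip_from /
    # real_ip_header) or the geo "proxy" directive for the trusted proxies,
    # otherwise every request is judged by the proxy's address.
    geo $remote_addr $whitelist {
        default 0;
        127.0.0.1 1;
        # Fixed: the post had 172.0.0.0/8, which whitelists about 16 million
        # addresses, most of them public. The RFC 1918 private block is
        # 172.16.0.0/12.
        172.16.0.0/12 1;
        10.0.0.0/8 1;
        # The /16 entries below admit 65536 addresses each; prefer single
        # hosts or the narrowest prefix that covers the intended clients.
        119.189.0.0/16 1;
        113.169.0.0/16 1;
        139.108.102.77 1;
        112.174.61.155 1;
        120.178.139.70 1;
        # ...... (further entries elided in the original post)
    }

    map $http_x_app_info $appheader {
        default "";
    }
}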
也可以分開寫:把白名單放到單獨的文件裡,再用 include 引入:
[root@metabase:/usr/local/openresty/nginx/conf]$cat nginx.conf
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr [$time_local] "$host" "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    '"$request_time:$upstream_response_time" $upstream_addr "$upstream_status" "$upstream_cache_status"';

    access_log logs/access.log main;
    error_log logs/error.log;

    sendfile on;
    keepalive_timeout 65;

    # Pulls in the geo block that defines $whitelist (whiteiplist.conf, listed
    # right after this file in the post). It has to be included at http level,
    # because geo is only valid in the http context.
    include whiteiplist.conf;

    server {
        listen 80;
        # NOTE(review): "default" is only a second literal server name here.
        # To make this the catch-all server, put default_server on the listen
        # directive. The whitelist check below protects this server block only;
        # any other server block needs its own check.
        server_name aaaa.bbbbbbl.com default;
        access_log /var/log/nginx/aaaaa.bbbbbbl.com.log main;

        # Enforcement point: any client that geo did not map to 1 gets 403.
        # Comparing against 1 fails closed, because an empty or unexpected
        # value is rejected as well.
        if ( $whitelist != 1 ) {
            return 403;
            #set $fasdbfad 1;
        }
        # (the listing stops here in the post; the closing braces of the
        # server and http blocks are not shown)
[root@metabase:/usr/local/openresty/nginx/conf]$cat whiteiplist.conf
# Whitelist lookup kept in its own file: $whitelist is 1 for the three hosts
# below and 0 for every other client (default 0 makes the list fail closed).
# The key is $remote_addr, the directly connected peer. Behind a load balancer
# or CDN, configure the realip module (set_real_ip_from / real_ip_header) or
# the geo "proxy" directive for the trusted proxies, otherwise every request
# is judged by the proxy's address.
geo $remote_addr $whitelist {
    default 0;
    101.232.131.102 1;
    124.42.150.166 1;
    117.136.40.216 1;
}