
How to implement Nginx request restriction and access control

2025-02-24 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

This article explains in detail, step by step, how to implement Nginx request restriction and access control.

I. Request restrictions in nginx

1. Connections and requests in the HTTP protocol

HTTP protocol versions and how they use connections

    HTTP protocol version    Connection relationship
    HTTP/1.0                 TCP connection cannot be reused
    HTTP/1.1                 TCP connection is reused sequentially
    HTTP/2.0                 TCP connection is reused with multiplexing

An HTTP request is carried over a TCP connection.

One TCP connection carries at least one HTTP request. From HTTP/1.1 onward, a single TCP connection can be established once and used to send multiple HTTP requests.

1. Connection frequency limit

Syntax

    Syntax:  limit_conn_zone key zone=name:size;
    Default: -
    Context: http

    Syntax:  limit_conn zone number;
    Default: -
    Context: http, server, location

Usage

Configure under http in the nginx configuration file:

    http {
        # ... other configuration omitted ...

        # Allocate a 10 MB shared memory zone for connection state and name it addr
        limit_conn_zone $binary_remote_addr zone=addr:10m;

        server {
            # ...
            location /download/ {
                # Allow only one connection at a time per client IP address
                limit_conn addr 1;
            }
        }
    }

2. Request frequency limit

Syntax

    Syntax:  limit_req_zone key zone=name:size rate=rate;
    Default: -
    Context: http

    Syntax:  limit_req zone=name [burst=number] [nodelay];
    Default: -
    Context: http, server, location

Usage

Configure under http in the nginx configuration file:

    http {
        # ... other configuration omitted ...

        # Allocate a 10 MB shared memory zone for request state and name it one.
        # Requests from the same IP are processed at an average of one per second.
        limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

        server {
            # ...
            location /search/ {
                limit_req zone=one;

                # When a client exceeds the configured rate, accept up to 5 excess
                # requests and delay them so they are processed at 1 request per second.
                # limit_req zone=one burst=5;

                # When a client exceeds the configured rate, accept up to 5 excess
                # requests and process them immediately.
                # limit_req zone=one burst=5 nodelay;
            }
        }
    }
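The difference between the three limit_req variants above is easiest to see on a burst of simultaneous requests. The following is an added example, not part of the original article and not nginx source code: a simplified Python model of the per-key accounting, where the function names and the arrival timestamps are assumptions made for illustration.

```python
# Added example: a simplified model of limit_req accounting for one client key.
# It is not nginx source code; the timestamps below are constructed.

def simulate_limit_req(arrivals_ms, rate_per_s=1, burst=0, nodelay=False):
    """Return [(arrival_ms, verdict, delay_ms), ...] for one key.

    'excess' is tracked in thousandths of a request: it grows by 1000 per
    request and drains at rate_per_s * 1000 per second.
    """
    rate = rate_per_s * 1000
    burst_limit = burst * 1000
    excess, last = 0, None
    results = []
    for now in arrivals_ms:
        if last is None:
            new_excess = 0  # the first request only creates the state entry
        else:
            drained = rate * (now - last) // 1000
            new_excess = max(excess - drained + 1000, 0)
        if new_excess > burst_limit:
            # Over the limit: rejected (HTTP 503 by default), state unchanged
            results.append((now, "rejected", 0))
            continue
        excess, last = new_excess, now
        delay = 0 if nodelay else excess * 1000 // rate
        results.append((now, "delayed" if delay else "passed", delay))
    return results


def verdicts(results):
    """Keep only the verdict column of a simulation result."""
    return [v for _, v, _ in results]


if __name__ == "__main__":
    flood = [0] * 7  # constructed: 7 requests from one IP in the same millisecond
    for label, kwargs in [
        ("limit_req zone=one;", {}),
        ("limit_req zone=one burst=5;", {"burst": 5}),
        ("limit_req zone=one burst=5 nodelay;", {"burst": 5, "nodelay": True}),
    ]:
        print(label)
        for row in simulate_limit_req(flood, **kwargs):
            print("   ", row)
```

With burst=5, six of the seven requests are accepted in both cases; nodelay changes only whether the five excess requests wait in the queue or are served at once.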

II. Access control in nginx

1. Access control based on IP

Syntax

    Syntax:  allow address | CIDR | unix: | all;
    Default: -
    Context: http, server, location, limit_except

    Syntax:  deny address | CIDR | unix: | all;
    Default: -
    Context: http, server, location, limit_except

address: an IP address, for example 192.168.1.1

CIDR: a network range, for example 192.168.1.0/24

unix: socket mode

all: all addresses

Usage

Configure under server in the nginx configuration file:

    server {
        # ... other configuration omitted ...

        location ~ ^/index_1.html {
            root /usr/share/nginx/html;
            deny 151.19.57.60;      # deny access from this IP
            allow all;              # allow access from all other IPs
        }

        location ~ ^/index_2.html {
            root /usr/share/nginx/html;
            allow 151.19.57.0/24;   # allow access from IPs 151.19.57.*
            deny all;               # deny access from all other IPs
        }
    }

Limitations of ngx_http_access_module

When a client connects through a proxy, nginx's remote_addr holds the IP of the proxy, not the IP of the client.

http_x_forwarded_for

    http_x_forwarded_for = client ip, proxy1 ip, proxy2 ip, ...

remote_addr holds the IP of whichever peer connects directly to the server.

http_x_forwarded_for can record the IP of the client and of every intermediate proxy.
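The limitation above, and the reason the header cannot simply replace remote_addr, can be shown with a short Python sketch. This is an added example, not part of the original article: the trusted proxy range 10.0.0.0/24, the sample addresses and the function names are assumptions made for illustration; the allow range is the one from the index_2.html rule.

```python
import ipaddress

# Assumption for this example: the proxies we operate live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(ip):
    """True if ip belongs to one of our own proxies."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def effective_client_ip(remote_addr, x_forwarded_for):
    """Choose the address an allow/deny rule should be evaluated against."""
    if not is_trusted(remote_addr):
        # The peer is not our proxy, so the header is client-supplied: ignore it.
        return remote_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Walk right to left: each trusted proxy appended the address it saw.
    # The first untrusted address is the client; entries left of it are unverified.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return remote_addr  # malformed entry: fall back to the peer address
    return remote_addr  # header empty, or every hop is one of our proxies


def allowed(ip, allow_cidr="151.19.57.0/24"):
    """Model of: allow 151.19.57.0/24; deny all;"""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(allow_cidr)


if __name__ == "__main__":
    # Constructed requests: (remote_addr, X-Forwarded-For header)
    samples = [
        ("10.0.0.5", "151.19.57.60, 10.0.0.7"),                # via our proxies
        ("203.0.113.9", "151.19.57.10"),                       # direct, header ignored
        ("10.0.0.5", "151.19.57.10, 198.51.100.4, 10.0.0.7"),  # extra left entry
    ]
    for peer, xff in samples:
        ip = effective_client_ip(peer, xff)
        print(peer, "|", xff, "->", ip, "allowed" if allowed(ip) else "denied")
```

Evaluating the rule against remote_addr alone would deny the first request, because the proxy address 10.0.0.5 is outside the allowed range.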

2. User-based login authentication

Syntax

    Syntax:  auth_basic string | off;
    Default: auth_basic off;
    Context: http, server, location, limit_except

    Syntax:  auth_basic_user_file file;
    Default: -
    Context: http, server, location, limit_except

Usage

To use the htpasswd command, install httpd-tools first:

    [root ~]# yum -y install httpd-tools

Use the htpasswd command to create an account and password file:

    [root /etc/nginx]# htpasswd -c ./auth_conf auth_root
    New password:
    Re-type new password:
    Adding password for user auth_root
    [root /etc/nginx]# ll auth_conf
    -rw-r--r-- 1 root root 48 July 9 11:38 auth_conf
    [root /etc/nginx]# cat auth_conf
    auth_root:$apr1$2v6gftlm$oo2le8glgqwi68mcqtcn90

Configure under server in the nginx configuration file:

    server {
        # ... other configuration omitted ...

        location ~ ^/index.html {
            root /usr/share/nginx/html;
            auth_basic "auth access! input your password!";
            auth_basic_user_file /etc/nginx/auth_conf;
        }
    }

After modifying the configuration, reload it with nginx -s reload.

Use a browser to access http://192.168.33.88/index.html

Enter the correct user name and password for normal access.

Limitations of ngx_http_auth_basic_module

User information is stored in a file.

Operating and managing it is inefficient.
