Shulou(Shulou.com)05/31 Report--

This article mainly explains "how to block IP and IP paragraphs by Nginx". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "how to block IP and IP paragraphs by Nginx"!

Disable IP and IP segments

The ngx_http_access_module module of Nginx can seal the ip or ip segments in the configuration. The syntax is as follows:

Deny IP; deny subnet; allow IP; allow subnet; # block all ips deny all; # allow all ips allow all

If there is a conflict between rules, the first matching rule will prevail.

Configure to disable ip and ip segments

The following instructions assume that the directory of nginx is in / usr/local/nginx/.

First, you need to create a configuration file blockips.conf that encapsulates ip, and then vi blockips.conf edits this file and enter the ip to be sealed in the file.

Deny 1.2.3.4; deny 91.212.45.0; deny 91.212.65.0

Then save the file, open the nginx.conf file, and add the following line of configuration in the http configuration section:

Include blockips.conf

Save the nginx.conf file, and then test whether the current nginx configuration file is legal:

/ usr/local/nginx/sbin/nginx-t

If there is no problem with the configuration, it will output:

The configuration file / usr/local/nginx/conf/nginx.conf syntax is ok configuration file / usr/local/nginx/conf/nginx.conf test is successful

If there is a problem with the configuration, you need to check where there is a syntax problem, and if there is no problem, you need to execute the following command to have nginx reload the configuration file.

/ usr/local/nginx/sbin/nginx-s reload

Only private network ip is allowed

How to disable all public network ip and only allow private network ip?

The following configuration file

Location / {# block one workstation deny 192.168.1.1; # allow anyone in 192.168.1.0 allow anyone in 24 allow 192.168.1.0 Universe 24; # drop rest of the world deny all;}

192.168.1.1 is disabled in the above configuration, allowing other private network segments, and then deny all prohibits all other ip.

Format the 403 pages of nginx

How to format the 403 pages of nginx?

First execute the following command:

Cd / usr/local/nginx/html vi error403.html

Then enter the file contents of 403, for example:

Error 403-IP Address Blocked Your IP Address is blocked. If you this an error, please contact binghe with your IP at test@binghe.com

If SSI is enabled, the blocked client ip can be displayed in 403, as follows:

Your IP Address is blocked.

Save the error403 file, then open the nginx configuration file vi nginx.conf, and add the following to the server configuration section.

# redirect server error pages to the static page error_page 403 / error403.html; location = / error403.html {root html;}

Then save the configuration file, use the nginx-t command to test whether the configuration file is correct, and load the configuration correctly through nginx-s reload.

At this point, I believe you have a deeper understanding of "how to block IP and IP by Nginx". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.