Shulou(Shulou.com)05/31 Report--

This article "based on Nginx how to prohibit designated IP, foreign IP access to the website" most people do not understand, so the editor summarized the following content, detailed, clear steps, with a certain reference value, I hope you can get something after reading this article, let's take a look at this "based on Nginx how to prohibit the designation of IP, foreign IP access to the website" article.

Use Nginx to prohibit designated IP and foreign IP from visiting my website.

There are many ways to achieve this function, so I will introduce the Nginx-based ngx_http_geoip2 module to prohibit foreign IP from visiting the website.

① installation geoip2 extension dependency: [root@fxkj ~] # yum install libmaxminddb-devel-y ② download ngx_http_geoip2_module module: [root@fxkj tmp] # git clone https://github.com/leev/ngx_http_geoip2_module.git[ro tmp] # ③ decompress module to the specified path

I will unzip it to the / usr/local directory here:

[root@fxkj tmp] # mv ngx_http_geoip2_module/ / usr/local/ [root@fxkj local] # ll ngx_http_geoip2_module/total 60 config-rw-r--r---1 root root 1199 Aug 13 17:20 config-rw-r--r-- 1 root root 1311 Aug 13 17:20 LICENSE-rw-r--r-- 1 root root 23525 Aug 13 17:20 ngx_http_geoip2_module.c-rw-r--r-- 1 root root 21029 Aug 13 17:20 ngx_stream_geoip2_module.c-rw-r--r-- 1 root root 3640 Aug 13 17:20 README.md ④ install the nginx module

First of all, explain the environment, my nginx version is 1.16, on the Internet to install the ngx_http_geoip2 module needs at least 1.18 version or above, so this installation I am to upgrade nginx1.18, add ngx_http_geoip2 module.

Download nginx version 1.18:

[root@fxkj ~] # yum install libmaxminddb-devel-y

Extract the nginx1.18 package, upgrade to nginx1.18, and add the ngx_http_geoip2 module.

It should be noted that:

Upgrade nginx, add nginx modules, just compile, and then make. No make instll is required, otherwise the online nginx will be completely replaced by the new version of nginx.

Before compiling, you need to see which modules are currently installed in nginx.

[root@fxkj tmp] # / usr/local/nginx/sbin/nginx-Vnginx version: nginx/1.16.0built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017TLS SNI support enabledconfigure arguments:-with-http_stub_status_module-prefix=/usr/local/nginx-user=nginx-group=nginx-with-http_ssl_module-with-stream

Compile and install:

[root@fxkj tmp] # tar-xf nginx-1.18.0.tar.gz [root@fxkj tmp] # cd nginx-1.18.0/ [root@fxkj nginx-1.18.0] #. / configure-- with-http_stub_status_module\-- prefix=/usr/local/nginx\-- user=nginx-- group=nginx-- with-http_ssl_module-- with-stream\-- add-module=/usr/local/ngx_http_geoip2_ module [root @ Fxkj nginx-1.18.0] # make [root@fxkj nginx-1.18.0] # cp / usr/loca/nginx/sbin/nginx / usr/loca/nginx/sbin/nginx1.16 # backup [root@fxkj nginx-1.18.0] # cp objs/nginx / usr/local/nginx/sbin/ # kill nginx [root@fxkj nginx-1.18.0] # pkill nginx # with the new one to overwrite the old [root] # fxkj nginx-1.18. 0] # / usr/local/nginx/sbin/nginx # start Nginx again

View the nginx version and the installed modules:

[root@fxkj nginx-1.18.0] # / usr/local/nginx/sbin/nginx-Vnginx version: nginx/1.18.0built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017TLS SNI support enabledconfigure arguments:-with-http_stub_status_module-prefix=/usr/local/nginx-user=nginx-group=nginx-with-http_ssl_module-with-stream-add-module=/usr/local/ Ngx_http_geoip2_module ⑤ downloads the latest IP address database file

After the module is installed successfully, the database is also specified in Nginx. When installing the runtime, two are installed by default, located in the / usr/share/GeoIP/ directory, one with only IPv4, and one containing IPv4 and IPv6.

Log in to the www.maxmind.com URL, create an account, and download the latest library files. (no demo for account creation) Click on the left side, Download Files:

Select GeoLite2 Country and click Download GZIP to download:

Upload to / usr/share/GeoIP/ and decompress:

[root@fxkj local] # cd / usr/share/GeoIP/ [root@fxkj GeoIP] # lltotal 69612lrwxrwxrwx. 1 root root 17 Mar 7 2019 GeoIP.dat-> GeoIP-initial.dat-rw-r--r--. 1 root root 1242574 Oct 30 2018 GeoIP-initial.datlrwxrwxrwx. 1 root root 19 Mar 7 2019 GeoIPv6.dat-> GeoIPv6-initial.dat-rw-r--r--. 1 root root 2322773 Oct 30 2018 GeoIPv6-initial.dat-rw-r--r-- 1 root root 3981623 Aug 12 02:37 GeoLite2-Country.mmdb ⑥ configuration nginx profile

Back up the configuration file before modifying:

[root@fxkj ~] # cp / usr/local/nginx/conf/nginx.conf / usr/local/nginx/conf/nginx.conf-bak [root@fxkj ~] # vim / usr/local/nginx/conf/nginx.conf

Add a few lines to http to define the location of the database file:

Geoip2 / usr/share/GeoIP/GeoLite2-City.mmdb {auto_reload 5m / map geoip2 allowed_country allowed_country {default yes; CN no;}

Add a condition under location in server, and if the IP is a foreign IP, execute the following return action. I have defined three actions here and annotated two of them.

When visiting IP is a foreign IP, directly return 404:

If ($allowed_country = yes) {# return https://www.baidu.com; # return / home/japan; return 404;}

After the modification, check the configuration file and reload the nginx:

[root@fxkj] # / usr/local/nginx/sbin/nginx-tnginx: the configuration file / usr/local/nginx/conf/nginx.conf syntax is oknginx: configuration file / usr/local/nginx/conf/nginx.conf test is successful [roo@fxkj ~] # / usr/local/nginx/sbin/nginx-s reload ⑦ simulation test verification

Use the server of the overseas node to visit the website, here my IP is from Korea:

You can see that a 404 Not Found error was reported when visiting the website:

Let's take a look at nginx's access log again:

"13.125.1.194-[14/Aug/2020:16:15:51 + 0800]" GET / favicon.ico HTTP/1.1 "404 548" https://www.fxkjnj.com/"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36"

The above is about the content of this article on "how to prohibit designated IP and foreign IP from visiting websites based on Nginx". I believe we all have some understanding. I hope the content shared by the editor will be helpful to you. If you want to know more about the relevant knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.