Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

The realization method of setting directory whitelist and ip whitelist in nginx

2025-03-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/02 Report--

1. Set directory whitelist: set no limit on the specified request path. If there is no limit on the request under the api directory, you can write as

Server {location / app {proxy_pass http://192.168.1.111:8095/app; limit_conn conn 20; limit_rate 500k; limit_req zone=foo burst=5 nodelay;} location / app/api {proxy_pass http://192.168.1.111:8095/app/api}} # because nginx will give priority to precise matching, so the above words come into contact with the restrictions on the paths belonging to the api directory

two。 Setting up ip whitelist requires nginx geo and nginx map

When there is no artificial deletion (--without-http_geo_module or-- without-http_map_module), nginx loads ngx-http-geo-module and ngx-http-map-module related content by default

Ngx-http-geo-module can be used to create variables whose values depend on the client ip address

Ngx-http-map-module can create variables based on other variables and variable values, which allow classification, or map multiple variables to different values and store them in one variable

Nginx geo format description Syntax (syntax format): geo [$address] $variable {...} Default (default):-Content (configuration Rank): httpNginx map format description Syntax (syntax format): map String $variable {...} Default (default):-Content (configuration Rank): http whitelist configuration example http {#... Other configuration content # define whitelist ip list variable geo $whiteiplist {default 1; 127.0.0.1 binary_remote_addr 320; 64.223.160.0 limit zone=conn:10m;} # use map instruction mapping to make the client request ip in the whitelist empty string map $whiteiplist $limit {1 $binary_remote_addr; 0 ";} # configure request restriction content limit_conn_zone $limit zone=conn:10m Limit_req_zone $limit zone=allips:10m rate=20r/s; server {location / yourApplicationName {proxy_pass http://192.168.1.111:8095/app; limit_conn conn 50; limit_rate 500k; limit_req zone=allips burst=5 nodelay } whitelist configuration can be used to filter restrictions on requests such as partner customers, search engines, etc. # (special case handling) # if you want to limit only specified requests, such as Post requests, then: http {# other requests. # request address map mapping map $request_method $limit {default "; POST $binary_remote_addr;} # limit the definition of limit_req_zone $limit zone=reqlimit:20m rate=10r/s Server {... # consistent with general restrictions}} # on this basis, if you want to handle whitelist restrictions for specified methods, then: http {#... # define whitelist map $whiteiplist $limitips {1 $binary_remote_addr; 0 ";} # define map $request_method $limit {default" based on whitelist list # POST $binary_remote_addr; POST $limitips;} # reference the request limit_req_zone $limit zone=reqlimit:20m rate=10r/s; # reference server {# in server. Same as normal limit}}

The above nginx setting directory whitelist, ip whitelist implementation method is the editor to share with you all the content, I hope to give you a reference, but also hope that you support more.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report