Nginx configuration: allow IP is not working, deny all works fine

b1uwtaje  posted on 2023-06-05 in Nginx

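I created a new conf file to block access from all public IPs and grant access to only one public IP address (the office public IP). But when I try to access it, it shows "403 Forbidden nginx".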

upstream backend_solr {
         ip_hash;
         server ip_address:port; 
} 
server {
         listen 80;
         server_name www.example.com;

         index /example/admin.html;

         charset utf-8;
         access_log /var/log/nginx/example_access.log main;

         location / {

            allow office_public_ip;  # placeholder for the office public IP
            deny all;
            proxy_pass  http://backend_solr-01/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         }

        location ~ /favicon\.ico {
            root html;
        }

        location ~ /\. {
            deny all;
        }
}

But the log shows the request coming from the public IP and being forbidden:

IP_Address - - [31/Jul/2017:12:43:05 +0800] "Get /example/admin.html HTTP/1.0" www.example.com "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "my_office _IP" "-" "-" "-" 403 564 0.000 - - -

jc3wubiy1#

deny all did not work for me because the traffic is forwarded internally through a proxy.
Here is what finally worked for me:

upstream backend_solr {
    ip_hash;
    server ip_address:port; 
} 
server {
    listen 80;
    server_name www.example.com;

    index /example/admin.html;

     charset utf-8;
     access_log /var/log/nginx/example_access.log main;

     location / {
         # ** access check on the X-Forwarded-For header
         set $allow false;
         # public ip
         if ($http_x_forwarded_for ~ " 12\.22\.22\.22?$") {
             set $allow true;
         }
         # proxy ip ($allow is not reset here, so a match above is kept)
         if ($http_x_forwarded_for ~ " ?11\.123\.123\.123?$") {
             set $allow true;
         }
         if ($allow = false) {
             return 403;
         }
         # **
         proxy_pass  http://backend_solr-01/;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location ~ /favicon\.ico {
        root html;
    }

    location ~ /\. {
        deny all;
    }
}
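
An alternative for the proxied setup described in the answer above, as an added example that is not part of the original answer: nginx's realip module (ngx_http_realip_module) replaces $remote_addr with the address from X-Forwarded-For only when the connection comes from a trusted proxy, so allow/deny work again and a header supplied by an arbitrary client is ignored. Assumptions: 11.123.123.123 is the front proxy and 12.22.22.22 is the office IP (the answer's sample values in assumed roles), and the upstream address is a constructed placeholder.

```nginx
# Added example. Assumes nginx was built with ngx_http_realip_module
# (--with-http_realip_module) and that 11.123.123.123 is the only proxy
# that connects to this server (assumed role for the answer's "proxy ip").
upstream backend_solr {
    ip_hash;
    server 127.0.0.1:8983;   # constructed placeholder for ip_address:port
}

server {
    listen 80;
    server_name www.example.com;

    # Honour X-Forwarded-For only on connections from the trusted proxy.
    set_real_ip_from  11.123.123.123;
    real_ip_header    X-Forwarded-For;
    # Walk the header from right to left and skip trusted proxies, so an
    # entry the client put in front of the list is never used.
    real_ip_recursive on;

    location / {
        # $remote_addr now holds the real client address, so the access
        # module can be used as in the question.
        allow 12.22.22.22;   # office public IP (sample value, assumed role)
        deny  all;

        proxy_pass http://backend_solr/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $realip_remote_addr (nginx 1.9.7+) is the address of the peer that
        # actually connected, i.e. the proxy; appending it avoids listing
        # the client address twice.
        proxy_set_header X-Forwarded-For "$http_x_forwarded_for, $realip_remote_addr";
    }
}
```

Requests that reach nginx directly, bypassing the proxy, are evaluated against their own source address because the header is not trusted for them. Validate the file with `nginx -t` before reloading.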

o0lyfsai2#

This nginx configuration works well for me:

location / {   ## Use the request url, not the directory on the filesystem.
  allow xxx.xxx.xxx.xxx;  ## Your specific IP
  deny all;
}

However, if you want to deny or allow only a specific location, you can place allow xxx.xxx.xxx.xxx outside of the location.
