[资料]Nginx做IP访问限制以及正则规则

nginx配置location总结及rewrite规则写法

Nginx Location配置总结

Nginx 禁止某个IP访问

server {
    listen       443;
    root  /webroot/;
    server_name  serverName;
    access_log    /data/log/nginx/access_web_domain.log  main buffer=32k flush=5s;
    charset utf-8;
    client_max_body_size 200m;

    ssl on;
    ssl_certificate /etc/ssl/server.cer;
    ssl_certificate_key /etc/ssl/server.key;
    ssl_client_certificate /etc/ssl/dvroot.cer;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2  TLSv1 TLSv1.1 TLSv1.2;
    #ssl_protocols  SSLv2  SSLv3;
    ssl_ciphers  ALL:!ADH:!EXPORT:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    #location / {
    #    root   /webroot/;
    #    index  index.html index.htm index.php;
    #}

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    # 正则例处处理
    location /(group1|group2)/api {
        allow all;    
    }

    # url rewrite
    location / {
        index  index.php;
        if (!-e $request_filename) {
            rewrite  ^/(.*)$  /index.php/$1  last;
            break;
        }
        allow  XXX.XXX.XXX.XXX; #某某公司IP
        deny   all;
    }

    # 图片，FLASH cache time
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
        expires 30d;
    }

    # js,css cache time
    location ~ .*\.(js|css)?$ {
        expires 6h;
    }

    location ~ .*\.(php)?$ {
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index ThinkPHP.index;
        include fcgi.conf;
    }

    location ~ .+\.php($|/){
        set $script    $uri;
        set $path_info  "/";
        if ($uri ~ "^(.+\.php)(/.+)") {
            set $script     $1;
            set $path_info  $2;
        } 

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index  index.php?IF_REWRITE=1;
        include fcgi.conf;
        fastcgi_param HTTPS on;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param SCRIPT_FILENAME  $document_root/$script;
        fastcgi_param SCRIPT_NAME $script;
    }    
}

server {
    listen 80;
    server_name  manage.vxinyou.com;
    access_log    /data/log/nginx/access_domain.log  main buffer=32k flush=5s;
    rewrite ^/(.*) https://$server_name/$1 permanent;    #跳转到Https
}