LNMP - nginx访问控制

为了限制某些用户或者IP等访问网站 而设置的访问控制权限

1、修改虚拟主机配置文件

[root@bogon tmp]# vim /usr/local/nginx/conf/vhosts/test.conf

server
{
    listen 80;
    server_name www.test.com www.aaa.com;
    if ($host != 'www.test.com')
    {
     rewrite ^/(.*)$ http://www.test.com/$1 permanent;
    }
    index index.html index.htm index.php;
    root /data/www;
    access_log /tmp/access.log combined_realip;

    location ~ .*admin\.php$ {
        #auth_basic "caimz auth";
     #auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
     allow 127.0.0.1;
     deny all;
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }
    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|gz|bz2)$
    {
     access_log off;
     expires 15d;
     valid_referers none blocked *.test.com *.aaa.com *.aminglinux.com;
     if ($invalid_referer)
     {
          return 403;
     }
    }
    location ~ \.(js|css)
    {
     access_log off;
     expires 2h;    
    }
    location ~ (static|cache)
    {
     access_log off;
    }
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/tmp/php-fcgi1.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
    }
}

wKioL1Y0tFWzLnbyAAMW9eoHGvM687.jpg

且设置的是admin.php这个网站的访问权限。

wKiom1Y0tDzBmo84AAGJYOSRYdY940.jpg

2、检测配置文件正确性

[root@bogon tmp]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

3、重新加载nginx的配置文件
[root@bogon tmp]# /usr/local/nginx/sbin/nginx -s reload

4、测试

[root@bogon tmp]# curl -x127.0.0.1:80 www.test.com/admin.php -I  #本机测试OK。
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 10:09:18 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.6.6
Set-Cookie: 7HV5_2132_saltkey=tc77ozPa; expires=Tue, 24-Nov-2015 10:09:18 GMT; Max-Age=2592000; path=/; httponly
Set-Cookie: 7HV5_2132_lastvisit=1445764158; expires=Tue, 24-Nov-2015 10:09:18 GMT; Max-Age=2592000; path=/
Set-Cookie: 7HV5_2132_sid=FVUuVD; expires=Mon, 26-Oct-2015 10:09:18 GMT; Max-Age=86400; path=/
Set-Cookie: 7HV5_2132_lastact=1445767758%09admin.php%09; expires=Mon, 26-Oct-2015 10:09:18 GMT; Max-Age=86400; path=/

我笔记本直接访问虚拟机
(虚拟机是安装在我笔记本上的,虚拟机的IP:192.168.0.103   我笔记本的IP:192.168.0.106)

wKioL1Y0tKGwhzTcAADBtoUsemI000.jpg

显示403,也就是我笔记本访问的admin.php的时候显示403,因为来源IP不是本机(虚拟机)是我的笔记本所以拒绝了。

访问网站下其他网页

wKioL1Y0tMvj1bBgAAJGi9PGbII763.jpg

测试OK的,因为我没对其做限制。

 a、设置全局权限

wKiom1Y0tK_ic9fRAAMJSNyjV6U193.jpg

设置完以后检查配置文件和重新加载配置文件

[root@bogon tmp]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@bogon tmp]# /usr/local/nginx/sbin/nginx -s reload

然后我本地访问

[root@bogon tmp]# curl -x127.0.0.1:80 www.test.com/forum.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Sun, 25 Oct 2015 10:30:35 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive

出现了403.因为我设置了本地访问,所以拒绝了。


b、我笔记本访问

出现了403,因为我的笔记本是在192.168.0.0网段内,所以访问的时候拒绝了,显示403.

wKioL1Y0tQmgTnC3AADlhdT-cck401.jpg

你可能感兴趣的:(-,LNMP,Nginx访问控制)