1. Set the directory whitelist: There is no restriction on the specified request path. If there is no restriction on the request path to the api directory, it can be written as
server{ location /app { proxy_pass http://192.168.1.111:8095/app; limit_conn conn 20; limit_rate 500k; limit_req zone=foo burst=5 nodelay; } location /app/api { proxy_pass http://192.168.1.111:8095/app/api } } # 因nginx会优先进行精准匹配,所以以上写法即接触了对api目录下属路径的限制
2. To set the IP whitelist, you need to use nginx geo and nginx map
If there is no manual deletion (--without-http_geo_module or --without-http_map_module), nginx loads it by default ngx-http-geo-module and ngx-http-map-module related content;
ngx-http-geo-module can be used to create variables, the variable value depends on the client ip address;
ngx-http-map-module can create variables based on other variables and variable values, which allows classification, or mapping multiple variables to different values and storing them in one variable;
nginx geo 格式说明 syntax ( 语法格式 ): geo [$address] $variable { ... } default ( 默认 ): - content ( 配置段位 ): http nginx map 格式说明 syntax ( 语法格式 ): map string $variable { ... } default ( 默认 ):- content ( 配置段位 ): http 白名单配置示例 http{ # ... 其他配置内容 #定义白名单ip列表变量 geo $whiteiplist { default 1 ; 127.0.0.1/32 0; 64.223.160.0/19 0; } #使用map指令映射将白名单列表中客户端请求ip为空串 map $whiteiplist $limit{ 1 $binary_remote_addr ; 0 ""; } #配置请求限制内容 limit_conn_zone $limit zone=conn:10m; limit_req_zone $limit zone=allips:10m rate=20r/s; server{ location /yourapplicationname { proxy_pass http://192.168.1.111:8095/app; limit_conn conn 50; limit_rate 500k; limit_req zone=allips burst=5 nodelay; } } } 白名单配置可用于对合作客户,搜索引擎等请求过滤限制 #(特殊情况处理) #如果想仅限制指定的请求,如:只限制post请求,则: http{ # 其他请求.. #请求地址map映射 map $request_method $limit { default ""; post $binary_remote_addr; } #限制定义 limit_req_zone $limit zone=reqlimit:20m rate=10r/s; server{ ... #与普通限制一致 } } #在此基础上,想进行指定方法的白名单限制处理,则: http{ #... #定义白名单列表 map $whiteiplist $limitips{ 1 $binary_remote_addr; 0 ""; } #基于白名单列表,定义指定方法请求限制 map $request_method $limit { default ""; # post $binary_remote_addr; post $limitips; } #对请求进行引用 limit_req_zone $limit zone=reqlimit:20m rate=10r/s; #在server中进行引用 server{ #... 与普通限制相同 } }
The above is the detailed content of How to set directory whitelist and ip whitelist in nginx. For more information, please follow other related articles on the PHP Chinese website!