


How to ban specified IPs and foreign IPs from accessing the website based on Nginx
Use Nginx to prohibit specified IPs and foreign IPs from accessing my website
There are many ways to achieve this function. Below I will introduce the one based on Nginx ngx_http_geoip2 module to prevent foreign IPs from accessing the website.
①Install geoip2 extension dependency:
[root@fxkj ~]# yum install libmaxminddb-devel -y
②Download ngx_http_geoip2_module module:
[root@fxkj tmp]# git clone https://github.com/leev/ngx_http_geoip2_module.git [ro tmp]#
③Unzip the module to the specified path
I unzip it here to /usr/ Under the local directory:
[root@fxkj tmp]# mv ngx_http_geoip2_module/ /usr/local/ [root@fxkj local]# ll ngx_http_geoip2_module/ total 60 -rw-r--r-- 1 root root 1199 Aug 13 17:20 config -rw-r--r-- 1 root root 1311 Aug 13 17:20 LICENSE -rw-r--r-- 1 root root 23525 Aug 13 17:20 ngx_http_geoip2_module.c -rw-r--r-- 1 root root 21029 Aug 13 17:20 ngx_stream_geoip2_module.c -rw-r--r-- 1 root root 3640 Aug 13 17:20 README.md
④Install the nginx module
First explain the environment. My nginx version is 1.16. I checked online that installing the ngx_http_geoip2 module requires at least version 1.18 and above, so this During the first installation, I upgraded nginx1.18 and added the ngx_http_geoip2 module.
Download nginx 1.18 version:
[root@fxkj ~]# yum install libmaxminddb-devel -y
Unzip the nginx1.18 software package, upgrade to nginx1.18, and add the ngx_http_geoip2 module.
Note:
To upgrade nginx and add modules, you only need to compile and then perform the make operation. If you execute make install, the new version of nginx will completely replace the online nginx.
Before compiling, you need to check which modules are currently installed in nginx.
[root@fxkj tmp]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.16.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: –with-http_stub_status_module –prefix=/usr/local/nginx –user=nginx –group=nginx –with-http_ssl_module –with-stream
Compile and install:
[root@fxkj tmp]# tar -xf nginx-1.18.0.tar.gz [root@fxkj tmp]# cd nginx-1.18.0/ [root@fxkj nginx-1.18.0]# ./configure --with-http_stub_status_module \ --prefix=/usr/local/nginx \ --user=nginx --group=nginx --with-http_ssl_module --with-stream \ --add-module=/usr/local/ngx_http_geoip2_module [root@fxkj nginx-1.18.0]# make [root@fxkj nginx-1.18.0]# cp /usr/loca/nginx/sbin/nginx /usr/loca/nginx/sbin/nginx1.16 #备份 [root@fxkj nginx-1.18.0]# cp objs/nginx /usr/local/nginx/sbin/ #用新的去覆盖旧的 [root@fxkj nginx-1.18.0]# pkill nginx #杀死nginx [root@fxkj nginx-1.18.0]# /usr/local/nginx/sbin/nginx #再次启动Nginx
Check the nginx version and installed modules:
[root@fxkj nginx-1.18.0]# /usr/local/nginx/sbin/nginx -V nginx version: nginx/1.18.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: –with-http_stub_status_module –prefix=/usr/local/nginx –user=nginx –group=nginx –with-http_ssl_module –with-stream –add-module=/usr/local/ngx_http_geoip2_module
⑤Download the latest IP address database file
After the module is installed successfully, you need to specify the database in Nginx. When installing the runtime library, two are installed by default, located in the /usr/share/GeoIP/ directory, one only has IPv4, and the other includes IPv4 and IPv6.
Enter the www.maxmind.com website, register an account and download the latest library files. Click Download Files on the left, skip the account creation steps
Select GeoLite2 Country, click Download GZIP to download:
Upload to /usr/share/GeoIP/ and decompress:
[root@fxkj local]# cd /usr/share/GeoIP/ [root@fxkj GeoIP]# ll total 69612 lrwxrwxrwx. 1 root root 17 Mar 7 2019 GeoIP.dat -> GeoIP-initial.dat -rw-r--r--. 1 root root 1242574 Oct 30 2018 GeoIP-initial.dat lrwxrwxrwx. 1 root root 19 Mar 7 2019 GeoIPv6.dat -> GeoIPv6-initial.dat -rw-r--r--. 1 root root 2322773 Oct 30 2018 GeoIPv6-initial.dat -rw-r--r-- 1 root root 3981623 Aug 12 02:37 GeoLite2-Country.mmdb
⑥Configure nginx configuration file
Back up the configuration file before modifying:
[root@fxkj ~]# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf-bak [root@fxkj ~]# vim /usr/local/nginx/conf/nginx.conf
In http Add a few lines to define the location of the database file:
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb { auto_reload 5m; $geoip2_data_country_code country iso_code; } map $geoip2_data_country_code $allowed_country { default yes; CN no; }
Add conditions under the location in the server. If the IP is a foreign IP, perform the following return action. Here I am Three types are defined and two of them are annotated.
When the accessed IP is a foreign IP, 404 will be returned directly:
if ($allowed_country = yes) { # return https://www.baidu.com; # return /home/japan; return 404; }
[root@fxkj ~]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [roo@fxkj ~]# /usr/local/nginx/sbin/nginx -s reload
“13.125.1.194 – – [14/Aug/2020:16:15:51 +0800] “GET /favicon.ico HTTP/1.1” 404 548 “https://www.fxkjnj.com/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36”
The above is the detailed content of How to ban specified IPs and foreign IPs from accessing the website based on Nginx. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

To allow the Tomcat server to access the external network, you need to: modify the Tomcat configuration file to allow external connections. Add a firewall rule to allow access to the Tomcat server port. Create a DNS record pointing the domain name to the Tomcat server public IP. Optional: Use a reverse proxy to improve security and performance. Optional: Set up HTTPS for increased security.

The start and stop commands of Nginx are nginx and nginx -s quit respectively. The start command starts the server directly, while the stop command gracefully shuts down the server, allowing all current requests to be processed. Other available stop signals include stop and reload.

Steps to run ThinkPHP Framework locally: Download and unzip ThinkPHP Framework to a local directory. Create a virtual host (optional) pointing to the ThinkPHP root directory. Configure database connection parameters. Start the web server. Initialize the ThinkPHP application. Access the ThinkPHP application URL and run it.

To register for phpMyAdmin, you need to first create a MySQL user and grant permissions to it, then download, install and configure phpMyAdmin, and finally log in to phpMyAdmin to manage the database.

Server deployment steps for a Node.js project: Prepare the deployment environment: obtain server access, install Node.js, set up a Git repository. Build the application: Use npm run build to generate deployable code and dependencies. Upload code to the server: via Git or File Transfer Protocol. Install dependencies: SSH into the server and use npm install to install application dependencies. Start the application: Use a command such as node index.js to start the application, or use a process manager such as pm2. Configure a reverse proxy (optional): Use a reverse proxy such as Nginx or Apache to route traffic to your application

To solve the "Welcome to nginx!" error, you need to check the virtual host configuration, enable the virtual host, reload Nginx, if the virtual host configuration file cannot be found, create a default page and reload Nginx, then the error message will disappear and the website will be normal show.

nginx appears when accessing a website. The reasons may be: server maintenance, busy server, browser cache, DNS issues, firewall blocking, website misconfiguration, network connection issues, or the website is down. Try the following solutions: wait for maintenance to end, visit during off-peak hours, clear your browser cache, flush your DNS cache, disable firewall or antivirus software, contact the site administrator, check your network connection, or use a search engine or web archive to find another copy of the site. If the problem persists, please contact the site administrator.

There are five methods for container communication in the Docker environment: shared network, Docker Compose, network proxy, shared volume, and message queue. Depending on your isolation and security needs, choose the most appropriate communication method, such as leveraging Docker Compose to simplify connections or using a network proxy to increase isolation.
