• [nginx] Access control for site directories and files


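    The nginx.conf configuration file

    http -> multiple server blocks -> multiple location blocks -> access to directories and files can be restricted (by file extension, or with rewrite).

    Deny users access to specified data by directory or file extension

    Deny access to files with certain extensions under a directory

    This time I test denying access to the html/images/*.txt files under the site directory.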

    [root@n1 nginx]# tree html/
    html/
    ├── 50x.html
    ├── images
    │   └── maotai.txt
    └── index.html
    
    

    • Configure the deny rule
    # \. matches a literal dot before the extension
    location ~ ^/images/.*\.(txt|php|php5|sh|pl|py|html)$
    {
        deny all;
    }
    

    • Check the logs
    - access.log: access allowed
    192.168.2.1 - - [11/Mar/2018:10:58:06 +0800] "GET /images/maotai.txt HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
    
    - access.log: access denied
    192.168.2.1 - - [11/Mar/2018:10:59:10 +0800] "GET /images/maotai.txt HTTP/1.1" 403 563 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
    
    - error.log
    2018/03/11 10:59:10 [error] 28357#0: *16 access forbidden by rule, client: 192.168.2.1, server: localhost, request: "GET /images/maotai.txt HTTP/1.1", host: "192.168.2.11"
    

    Appendix: nginx.conf

    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
            location / {
                root   html;
                index  index.html index.htm;
            }
            location ~ ^/images/.*\.(txt|php|php5|sh|pl|py|html)$
            {
                deny all;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    

    Redirect (rewrite) when forbidden data is requested

    A request for http://www.maotai.com/images/1.png -> http://www.baidu.com/images/1.png

            location ~* \.(txt|doc)$ {
                if (-f $request_filename){
                    root html/images/;
                    # rewrite ….. can redirect to a URL
                    rewrite ^/(.*) http://www.baidu.com/$1 permanent;
                    break;
                }
            }
    

    Access policy control by IP address or network

    location / {
        deny 192.168.1.1;
        allow 192.168.1.0/24;
        # network address of the /16 (host bits cleared)
        allow 10.1.0.0/16;
        deny all;
    }
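
The allow/deny block above depends on rule order: nginx checks the rules in sequence and stops at the first match. The Python model below is an added example, not code from the original post or from nginx; `decide`, `matches`, the reordered rule list and the client addresses are constructed for illustration.

```python
import ipaddress

# Rules from the location block above, in order. 10.1.0.0/16 is the network
# that the page's 10.1.x.x/16 allow rule denotes once host bits are masked.
PAGE_RULES = [
    ("deny", "192.168.1.1"),
    ("allow", "192.168.1.0/24"),
    ("allow", "10.1.0.0/16"),
    ("deny", "all"),
]

# Constructed variant: same rules, single-host deny moved below the /24 allow.
REORDERED_RULES = [
    ("allow", "192.168.1.0/24"),
    ("deny", "192.168.1.1"),
    ("allow", "10.1.0.0/16"),
    ("deny", "all"),
]


def matches(target, client):
    """True if the client address falls inside an allow/deny target."""
    if target == "all":
        return True
    # strict=False accepts a bare host (treated as /32) and set host bits
    return client in ipaddress.ip_network(target, strict=False)


def decide(rules, client_ip):
    """Return (action, rule_index) of the first matching rule.

    ngx_http_access_module checks rules in sequence and stops at the first
    match; when no rule matches, the request is allowed.
    """
    client = ipaddress.ip_address(client_ip)
    for index, (action, target) in enumerate(rules):
        if matches(target, client):
            return action, index
    return "allow", None


if __name__ == "__main__":
    # Constructed client addresses
    for ip in ("192.168.1.1", "192.168.1.50", "10.1.200.7", "172.16.0.9"):
        print(ip, "page order:", decide(PAGE_RULES, ip),
              "reordered:", decide(REORDERED_RULES, ip))
```

With the reordered list, 192.168.1.1 is matched by the /24 allow first and the host-specific deny is never reached.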
    
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
    
            location / {
                root   html;
                index  index.html index.htm;
            }
            location ~* \.(txt|doc)$ {
                if (-f $request_filename){
                    root html/images/;
                    # rewrite ….. can redirect to a URL
                    rewrite ^/(.*) http://www.nmtui.com/$1 permanent;
                    break;
                }
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    

    Access control using an if condition

            if ($remote_addr = 192.168.2.1) {
                return 403;
            }
    
    worker_processes  1;
    events {
        worker_connections  1024;
    }
    http {
        include       mime.types;
        default_type  application/octet-stream;
        sendfile        on;
        keepalive_timeout  65;
        server {
            listen       80;
            server_name  localhost;
    
            location / {
                root   html;
                index  index.html index.htm;
            }
            if ($remote_addr = 192.168.2.1) {
                return 403;
            }
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
        }
    }
    
  • Original article: https://www.cnblogs.com/iiiiher/p/8543506.html