nginx deny ip
2019-09-25nginx deny ip,nginx的ngx_http_access_module 模块可以封配置内的ip或者ip段,如果规则之间有冲突,会以最前面匹配的规则为准。
1、语法:
deny IP;
deny subnet;
allow IP;
allow subnet;
# block all ips
deny all;
# allow all ips
allow all;
2、vi blockips.conf编辑此文件,在文件中输入要封的ip。
deny 1.2.3.4;
deny 91.212.45.0/24;
deny 91.212.65.0/24;
3、include blockips.conf;
4、如何禁止所有外网ip,仅允许内网ip呢?
如下配置文件
location / {
# block one workstation
deny 192.168.1.1;
# allow anyone in 192.168.1.0/24
allow 192.168.1.0/24;
# drop rest of the world
deny all;
}
5、nginx: [warn] low address bits of 92.67.220.249/28 are meaningless in
错误原因是因为子网划分错误,比如 92.67.220.249/28,每个子网有16个ip所以起始ip一定要是16的倍数这个子网应该写成这样92.67.220.240/28;
192.168.1.0/24;