nginx 使用ip和密码保护你的目录

 

apache限制ip方法

documentroot “/opt/htdocs/www/” servername admin.c1gstudio.com     Options IncludesNoExec FollowSymLinks     AllowOverride None     Order deny,allow     Deny from all     Allow from 127.0.0.1 222.222.222.222 111.111.111.111

使用ngx_http_access_module限制ip访问

官方示例 http://wiki.codemongers.com/NginxHttpAccessModule#allow

location / {     deny    192.168.1.1;     allow   192.168.1.0/24;     allow   10.1.1.0/16;     deny    all; }

改成自已的

location / {     allow   127.0.0.1;     allow   222.222.222.222;#服务器ip     allow   111.111.111.111;#自已电脑的ip     deny    all; }              location ~ .*\.php?$              {                   #fastcgi_pass  unix:/tmp/php-cgi.sock;                   fastcgi_pass  127.0.0.1:9000;                   fastcgi_index index.php;                   include fcgi.conf;                   }       location ~ ^/cgi-bin/.*\.pl$ {     auth_basic “Restricted”;     auth_basic_user_file htpasswd;     gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped     include awstats.conf;       }              location ^~ /nginx {                   stub_status on;                   access_log   off;     auth_basic “NginxStatus”;     auth_basic_user_file htpasswd;              }              location ~ ^/memcached {                   access_log   off;     auth_basic “NginxStatus”;     auth_basic_user_file htpasswd;              }

结果：测试下来非定义的ip还是可以访问。

再修改下正则

location ^~ / {     allow   127.0.0.1;     allow   222.222.222.222;#服务器ip     allow   111.111.111.111;#自已电脑的ip     deny    all; }

结果：非定义的是ip不可以访问了，但php变明文显示，perl是404。

你可以看看 nginx 的文档里面关于 location 的说明。它的匹配方式是 正则表达式 优先级比较高。 就是说，你的 PHP 解析用的是 正则表达式进行匹配，而你要限制的目录不是用正则表达式，所以，就算是要限制的目录，因为PHP还是能被匹配到，所以，还是解析PHP了。所以，如果想解决的话，可能需要把目录也写成正则匹配，而且要放在PHP的前面，否则就会先匹配PHP

   satisfy_any on;

http://www.freebsdchina.org/forum/viewtopic.php?t=42141

使用多级目录将保护目录放在根中

location / {     ＃allow   127.0.0.1;     ＃allow   222.222.222.222;#服务器ip     allow   111.111.111.111;#自已电脑的ip     deny    all;              location ~ .*\.php?$              {                   #fastcgi_pass  unix:/tmp/php-cgi.sock;                   fastcgi_pass  127.0.0.1:9000;                   fastcgi_index index.php;                   include fcgi.conf;                   }       location ~ ^/cgi-bin/.*\.pl$ {     auth_basic “Restricted”;     auth_basic_user_file htpasswd;     gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped     include awstats.conf;       }              location ^~ /nginx {                   stub_status on;                   access_log   off;     auth_basic “NginxStatus”;     auth_basic_user_file htpasswd;              }              location ~ ^/memcached {                   access_log   off;     auth_basic “NginxStatus”;     auth_basic_user_file htpasswd;              } }

结果：有效

整个域名需禁止访问可以写在server中

server { listion 80; server_name admin.c1gstudio.com; root /opt/htdocs/www; allow   111.111.111.111;#自已电脑的ip deny    all; auth_basic “Nginx_Panel”; auth_basic_user_file htpasswd; location ~ .*\.php?$ { …. }  location ^~ /phpmyadmin {   satisfy any;        access_log   off;        location ~ .*\.php?$        {      #fastcgi_pass  unix:/tmp/php-cgi.sock;      fastcgi_pass  127.0.0.1:9000;      fastcgi_index index.php;      include fcgi.conf;             } } location ^~ /memcached {   satisfy any;        access_log   off;        location ~ .*\.php?$        {      #fastcgi_pass  unix:/tmp/php-cgi.sock;      fastcgi_pass  127.0.0.1:9000;      fastcgi_index index.php;      include fcgi.conf;             } } }

参考：http://marc.info/?l=nginx&m=120127282911304&w=2