
nginx: protecting your directories with IP restrictions and a password

 

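Restricting by IP in Apache

    # The enclosing container tags were lost from the page; the <Directory> wrapper is an assumption.
    DocumentRoot "/opt/htdocs/www/"
    ServerName admin.c1gstudio.com
    <Directory "/opt/htdocs/www/">
        Options IncludesNoExec FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1 222.222.222.222 111.111.111.111
    </Directory>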

Restricting access by IP with ngx_http_access_module

Official example: http://wiki.codemongers.com/NginxHttpAccessModule#allow

    location / {
        deny    192.168.1.1;
        allow   192.168.1.0/24;
        allow   10.1.1.0/16;
        deny    all;
    }

Adapted to my own setup:

    location / {
        allow   127.0.0.1;
        allow   222.222.222.222;  # server IP
        allow   111.111.111.111;  # my own computer's IP
        deny    all;
    }

    location ~ .*\.php?$ {
        #fastcgi_pass  unix:/tmp/php-cgi.sock;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        include fcgi.conf;
    }

    location ~ ^/cgi-bin/.*\.pl$ {
        auth_basic "Restricted";
        auth_basic_user_file htpasswd;
        gzip off;  # gzip makes scripts feel slower since they have to complete before getting gzipped
        include awstats.conf;
    }

    location ^~ /nginx {
        stub_status on;
        access_log   off;
        auth_basic "NginxStatus";
        auth_basic_user_file htpasswd;
    }

    location ~ ^/memcached {
        access_log   off;
        auth_basic "NginxStatus";
        auth_basic_user_file htpasswd;
    }

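Result: in testing, IPs that are not on the list could still get in.

Then I changed the location match:

    location ^~ / {
        allow   127.0.0.1;
        allow   222.222.222.222;  # server IP
        allow   111.111.111.111;  # my own computer's IP
        deny    all;
    }

Result: IPs that are not on the list can no longer get in, but PHP files are displayed as plain text and Perl returns 404.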

 

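You can take a look at the description of location in the nginx documentation. In its matching, regular expressions have the higher priority. That is, your PHP handling is matched with a regular expression, while the directory you want to restrict is not matched with a regular expression, so even for the restricted directory PHP can still be matched, and so PHP still gets processed. So if you want to solve this, you may need to write the directory as a regex match as well, and put it before the PHP one, otherwise PHP will be matched first.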

   satisfy_any on;

http://www.freebsdchina.org/forum/viewtopic.php?t=42141

Using nested locations, with the protected locations placed inside the root location

    location / {
        #allow   127.0.0.1;
        #allow   222.222.222.222;  # server IP
        allow   111.111.111.111;   # my own computer's IP
        deny    all;

        location ~ .*\.php?$ {
            #fastcgi_pass  unix:/tmp/php-cgi.sock;
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index index.php;
            include fcgi.conf;
        }

        location ~ ^/cgi-bin/.*\.pl$ {
            auth_basic "Restricted";
            auth_basic_user_file htpasswd;
            gzip off;  # gzip makes scripts feel slower since they have to complete before getting gzipped
            include awstats.conf;
        }

        location ^~ /nginx {
            stub_status on;
            access_log   off;
            auth_basic "NginxStatus";
            auth_basic_user_file htpasswd;
        }

        location ~ ^/memcached {
            access_log   off;
            auth_basic "NginxStatus";
            auth_basic_user_file htpasswd;
        }
    }

Result: it works.
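The three layouts tried above, run through a small Python model of nginx's location search to show which block handles a request and whether the allow/deny list is in effect there. This is an added example, not code from the original post: it leaves out `=` and named locations, ignores auth_basic, gives all three layouts the same allow list, and uses 203.0.113.9 as a constructed outsider address.

```python
import re
from dataclasses import dataclass

@dataclass
class Loc:
    mod: str              # "" = prefix, "^~" = prefix that skips regexes, "~" = regex
    pat: str
    acl: tuple = ()       # IPs in "allow" lines followed by "deny all"; () = no rules
    children: tuple = ()  # nested location blocks

def find(locs, uri, acl=()):
    """Return (Loc, acl in effect, regex_matched), or None, in nginx's search order."""
    pick, noregex = None, False
    prefixes = [l for l in locs if l.mod in ("", "^~") and uri.startswith(l.pat)]
    if prefixes:
        best = max(prefixes, key=lambda l: len(l.pat))  # longest prefix wins
        noregex = best.mod == "^~"
        best_acl = best.acl or acl                      # rules are inherited if none set
        pick = find(best.children, uri, best_acl) or (best, best_acl, False)
        if pick[2]:                                     # a nested regex already matched
            return pick
    if not noregex:
        for l in locs:                                  # regexes: first match in file order
            if l.mod == "~" and re.search(l.pat, uri):
                inner = find(l.children, uri, l.acl or acl)
                return (inner[0], inner[1], True) if inner else (l, l.acl or acl, True)
    return pick

def check(locs, uri, ip):
    """Return (label of the chosen location, True if the IP rules let `ip` through)."""
    loc, acl, _ = find(locs, uri)
    return f"{loc.mod} {loc.pat}".strip(), (not acl or ip in acl)

ADMIN, OUTSIDER = "111.111.111.111", "203.0.113.9"   # OUTSIDER is a constructed address
ACL = ("127.0.0.1", "222.222.222.222", ADMIN)
REST = (Loc("~", r".*\.php?$"), Loc("~", r"^/cgi-bin/.*\.pl$"),
        Loc("^~", "/nginx"), Loc("~", r"^/memcached"))
FLAT = (Loc("", "/", ACL),) + REST      # first attempt: siblings of "location /"
CARET = (Loc("^~", "/", ACL),) + REST   # second attempt: "location ^~ /"
NESTED = (Loc("", "/", ACL, REST),)     # working layout: everything inside "/"

if __name__ == "__main__":
    for name, conf in (("flat", FLAT), ("^~ /", CARET), ("nested", NESTED)):
        for uri in ("/index.php", "/cgi-bin/awstats.pl", "/nginx"):
            print(name, uri, check(conf, uri, OUTSIDER))
```

In the `^~ /` layout even the admin's request for `/index.php` lands in `^~ /` rather than the PHP block, which is why the source came back as plain text.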

If access to the whole domain needs to be restricted, the rules can be written in the server block

    server {
        listen 80;
        server_name admin.c1gstudio.com;
        root /opt/htdocs/www;

        allow   111.111.111.111;  # my own computer's IP
        deny    all;
        auth_basic "Nginx_Panel";
        auth_basic_user_file htpasswd;

        location ~ .*\.php?$ {
            ….
        }

        location ^~ /phpmyadmin {
            satisfy any;
            access_log   off;

            location ~ .*\.php?$ {
                #fastcgi_pass  unix:/tmp/php-cgi.sock;
                fastcgi_pass  127.0.0.1:9000;
                fastcgi_index index.php;
                include fcgi.conf;
            }
        }

        location ^~ /memcached {
            satisfy any;
            access_log   off;

            location ~ .*\.php?$ {
                #fastcgi_pass  unix:/tmp/php-cgi.sock;
                fastcgi_pass  127.0.0.1:9000;
                fastcgi_index index.php;
                include fcgi.conf;
            }
        }
    }

Reference: http://marc.info/?l=nginx&m=120127282911304&w=2

Posted in Apache, Nginx, Security, Technology.
