nginx根据user_agent做访问控制
2017-01-07 14:56
351 查看
if ($http_user_agent ~ 'curl|baidu|1111')
{
return 403;
}如果user_agent是curl,baidu,1111,那么就不能访问网站:整个配置文件如下:
server加载配置文件,可以用curl来模拟用户标识:
{
listen 80;
server_name www.test.com www.123.com;
index index.html index.htm index.php;
root /data/www;
access_log /tmp/logs/access_log test;
if ($host != 'www.test.com') {
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
location ~ .*forum\.php$ {
auth_basic "auth";
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
#user_agent设置
if ($http_user_agent ~ 'curl|baidu|1111') { return 403; }
location ~ .*\.(gif|jpg|png|jpeg|bmp|swf)$ {
expires 15d;
access_log off;
#防盗链设置如下
valid_referers none blocked *.test.com *.123.com;
if ($invalid_referer) {
return 403;
}
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
}
-A 后面跟上模拟的用户标识 [root@lnmp vhosts]# curl -A "1111" -x127.0.0.1:80 http://www.test.com -I HTTP/1.1 403 Forbidden Server: nginx/1.4.4 Date: Wed, 04 Jan 2017 06:50:45 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive [root@lnmp vhosts]# curl -A "gfdgsfdg" -x127.0.0.1:80 http://www.test.com -I #未被设置,可以访问 HTTP/1.1 301 Moved Permanently Server: nginx/1.4.4 Date: Wed, 04 Jan 2017 06:50:52 GMT Content-Type: text/html Connection: keep-alive X-Powered-By: PHP/5.3.27 location: forum.php [root@lnmp vhosts]# curl -A "baidu" -x127.0.0.1:80 http://www.test.com -I HTTP/1.1 403 Forbidden Server: nginx/1.4.4 Date: Wed, 04 Jan 2017 06:51:09 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive [root@lnmp vhosts]# curl -x127.0.0.1:80 http://www.test.com -I #默认标识为curl HTTP/1.1 403 Forbidden Server: nginx/1.4.4 Date: Wed, 04 Jan 2017 06:51:18 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive [root@lnmp vhosts]# curl -A "gavafddafsv" -x127.0.0.1:80 http://www.test.com -I #可以访问 HTTP/1.1 301 Moved Permanently Server: nginx/1.4.4 Date: Wed, 04 Jan 2017 06:51:29 GMT Content-Type: text/html Connection: keep-alive X-Powered-By: PHP/5.3.27 location: forum.php
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- nginx防盗链+访问控制+限制指定目录运行php+解析支持php+现在user_agent
- nginx 使用 user_agent 控制客户端访问
- Nginx 访问控制&屏蔽指定 user_agent
- 利用nginx来屏蔽指定的user_agent的访问以及根据user_agent做跳转
- Nginx屏蔽个别User-Agent蜘蛛访问网站的方法
- nginx根据http_user_agent防DDOS
- 技术文章 | nginx lua 小项目:根据 user_agent 显示不同的页面_附带和 php 性能的对比
- Nginx屏蔽个别User-Agent蜘蛛访问网站的方法
- Centos7.2 Apache根据User-Agent设置访问禁止
- nginx根据http_user_agent防DDOS
- 利用nginx来屏蔽指定的user_agent的访问
- 使用 Nginx 内置 $http_user_agent 来区分( 电脑 pc、手机 mobile、平板 pad )端的内容访问
- 访问控制-禁止php解析、user_agent,PHP相关配置
- Nginx屏蔽个别User-Agent蜘蛛访问网站的方法
- Apache2.4使用require指令进行访问控制--允许或限制IP访问/通过User-Agent禁止不友好网络爬虫
- 利用nginx来屏蔽指定的user_agent的访问
- nginx根据http_user_agent中包含的内容进行跳转
- Apache2.4使用require指令进行访问控制–允许或限制IP访问/通过User-Agent禁止不友好网络爬虫
- apache学习笔记(访问控制|禁止解析|禁止指定user_agent)
- nginx根据http_user_agent防DDOS