LNMP搭建12:Nginx访问控制
2017-02-25 13:05
411 查看
编辑虚拟主机配置文件
[root@cp1 ~]# cd /usr/local/nginx/conf/vhosts/
[root@cp1 vhosts]# vim test.conf
将用户认证换成访问控制,白名单为本机
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
……
检查配置后重新加载
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -s reload
测试127.0.0.1访问admin.php,可以访问
[root@cp1 vhosts]# curl -x127.0.0.1:80 www.test.com/admin.php -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:43:49 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.4.37
Set-Cookie: rpEn_2132_saltkey=PVI1duy8; expires=Sun, 26-Mar-2017 21:43:49 GMT; path=/; httponly
Set-Cookie: rpEn_2132_lastvisit=1487969029; expires=Sun, 26-Mar-2017 21:43:49 GMT; path=/
Set-Cookie: rpEn_2132_sid=m4nHf0; expires=Sat, 25-Feb-2017 21:43:49 GMT; path=/
Set-Cookie: rpEn_2132_lastact=1487972629%09admin.php%09; expires=Sat, 25-Feb-2017 21:43:49 GMT; path=/
测试192.168.147.137访问admin.php,禁止访问
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/admin.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:44:28 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试192.168.147.137访问forum.php,正常访问
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/forum.php -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:45:19 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.4.37
Set-Cookie: rpEn_2132_saltkey=iX99yxiD; expires=Sun, 26-Mar-2017 21:45:19 GMT; path=/; httponly
Set-Cookie: rpEn_2132_lastvisit=1487969119; expires=Sun, 26-Mar-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_sid=cO4487; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_lastact=1487972719%09forum.php%09; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_onlineusernum=1; expires=Fri, 24-Feb-2017 21:50:19 GMT; path=/
Set-Cookie: rpEn_2132_sid=cO4487; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
浏览器测试,禁止访问
全局设置:这里只为了测试:如禁止本机访问网站,禁止该网段访问网站
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
deny 127.0.0.1;
deny 192.168.147.0/24;
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
……
检查配置后重新加载
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -s reload
访问全部被禁止:
[root@cp1 vhosts]# curl -x127.0.0.1:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:51:33 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:51:51 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/admin.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:52:00 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 ~]# cd /usr/local/nginx/conf/vhosts/
[root@cp1 vhosts]# vim test.conf
将用户认证换成访问控制,白名单为本机
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
……
检查配置后重新加载
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -s reload
测试127.0.0.1访问admin.php,可以访问
[root@cp1 vhosts]# curl -x127.0.0.1:80 www.test.com/admin.php -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:43:49 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.4.37
Set-Cookie: rpEn_2132_saltkey=PVI1duy8; expires=Sun, 26-Mar-2017 21:43:49 GMT; path=/; httponly
Set-Cookie: rpEn_2132_lastvisit=1487969029; expires=Sun, 26-Mar-2017 21:43:49 GMT; path=/
Set-Cookie: rpEn_2132_sid=m4nHf0; expires=Sat, 25-Feb-2017 21:43:49 GMT; path=/
Set-Cookie: rpEn_2132_lastact=1487972629%09admin.php%09; expires=Sat, 25-Feb-2017 21:43:49 GMT; path=/
测试192.168.147.137访问admin.php,禁止访问
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/admin.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:44:28 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
测试192.168.147.137访问forum.php,正常访问
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/forum.php -I
HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:45:19 GMT
Content-Type: text/html; charset=gbk
Connection: keep-alive
X-Powered-By: PHP/5.4.37
Set-Cookie: rpEn_2132_saltkey=iX99yxiD; expires=Sun, 26-Mar-2017 21:45:19 GMT; path=/; httponly
Set-Cookie: rpEn_2132_lastvisit=1487969119; expires=Sun, 26-Mar-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_sid=cO4487; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_lastact=1487972719%09forum.php%09; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
Set-Cookie: rpEn_2132_onlineusernum=1; expires=Fri, 24-Feb-2017 21:50:19 GMT; path=/
Set-Cookie: rpEn_2132_sid=cO4487; expires=Sat, 25-Feb-2017 21:45:19 GMT; path=/
浏览器测试,禁止访问
全局设置:这里只为了测试:如禁止本机访问网站,禁止该网段访问网站
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
deny 127.0.0.1;
deny 192.168.147.0/24;
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
……
检查配置后重新加载
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@cp1 vhosts]# /usr/local/nginx/sbin/nginx -s reload
访问全部被禁止:
[root@cp1 vhosts]# curl -x127.0.0.1:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:51:33 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:51:51 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
[root@cp1 vhosts]# curl -x192.168.147.137:80 www.test.com/admin.php -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:52:00 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
相关文章推荐
- LNMP架构(四)之Nginx防盗链,访问控制,解析php,代理
- centos 7.0搭建lnmp后修改nginx访问路径的403错误
- 【LNMP】Nginx防盗链、Nginx访问控制、Nginx解析php相关配置和Nginx代理
- LNMP(nginx防盗链,访问控制,解析php相关配置,Nginx代理,常见502问题)
- LNMP - nginx访问控制
- 全面掌握Nginx配置+快速搭建高可用架构 一 Nginx的访问控制
- LNMP架构 (4) 之 Nginx的防盗链、访问控制、解析php相关配置
- [LNMP]Nginx防盗链与访问控制
- LNMP架构——Nginx防盗链,访问控制
- CentOS6.5 Nginx搭建web服务器,实现平滑升级,虚拟主机及访问控制
- 搭建LNMP(linux+nginx+mysql+php)服务器环境配置实例教程
- LNMP下为Nginx目录设置访问验证的用户名密码
- 【识记】Nginx 访问控制
- Nginx实战基础篇六 通过源码包编译安装部署LNMP搭建Discuz论坛 推荐
- Ubuntu 搭建LNMP环境图文教程 配置nginx支持PHP
- LNMP环境搭建 linux+NGINX+MYSql+PHP
- LNMP环境 搭建 多站点 配置 Ubuntu12 04 Nignx Mysql Php(php5-fpm )
- 利用nginx搭建LNMP环境
- Debian+Nginx+PHP(FastCGI)+MySQL搭建LNMP服务器(最新版)
- CentOS 5.5安装Nginx、PHP(FastCGI)、MySQL --搭建LNMP环境安装Wordpress