亚洲国产日韩欧美一区二区三区,精品亚洲国产成人av在线,国产99视频精品免视看7,99国产精品久久久久久久成人热,欧美日韩亚洲国产综合乱

Table of Contents
1. Black/white list IP restricted access configuration
1. The first method: allow, deny
2: The second method, ngx_http_geo_module
3. ngx_http_geo_module load balancing (extension)
2. Country and region IP Restricting access
1: Install the ngx_http_geoip_module module
2. Download the IP database
3. Configure nginx
Home Operation and Maintenance Nginx How do websites set black/whitelist IP restrictions and country and city IP access restrictions through nginx?

How do websites set black/whitelist IP restrictions and country and city IP access restrictions through nginx?

Jun 01, 2023 pm 05:27 PM
nginx ip

    1. Black/white list IP restricted access configuration

    There are several ways to configure black and white lists in nginx. Here are only two commonly used methods.

    1. The first method: allow, deny

    The deny and allow instructions belong to ngx_http_access_module. nginx loads this module by default, so it can be used directly.

    This method is the simplest and most direct. Set up similar to firewall iptable, usage method:

    Add directly to the configuration file: 

    #白名單設置,allow后面為可訪問IP 
location / {
     allow 123.13.123.12;
     allow 23.53.32.1/100;
     deny  all;
}

#黑名單設置,deny后面接限制的IP,為什么不加allow all? 因為這個默認是開啟的 
location / {
     deny 123.13.123.12;
}

#白名單,特定目錄訪問限制
location /tree/list {
     allow 123.13.123.12;
     deny  all;
}

    or configure the whitelist by reading the file IP 

    location /{
    include /home/whitelist.conf;
    #默認位置路徑為/etc/nginx/ 下,
    #如直接寫include whitelist.conf,則只需要在/etc/nginx目錄下創(chuàng)建whitelist.conf
    deny all;
}

    Create in the /home/ directory whitelist.conf, and write the IP that needs to be added to the whitelist. After the addition is completed, view the following: 

    cat /home/whitelist.conf

#白名單IP
allow 10.1.1.10;
allow 10.1.1.11;

    The whitelist setting is completed, and the blacklist setting method is the same.

    2: The second method, ngx_http_geo_module

    By default, this module is usually added to nginx. ngx_http_geo_module: Official document, the parameters need to be set in the http module.

    This module can set IP restrictions and country and region restrictions. The location can be outside the server module.

    Syntax example:

    Add the configuration file directly

    geo $ip_list {
    default 0;
    #設置默認值為0
    192.168.1.0/24 1;
    10.1.0.0/16    1;
}
server {
    listen       8081;
    server_name  192.168.152.100;
    
    location / {
        root   /var/www/test;
		index  index.html index.htm index.php;
		if ( $ip_list = 0 ) {
		#判斷默認值,如果值為0,可訪問,這時上面添加的IP為黑名單。
		#白名單,將設置$ip_list = 1,這時上面添加的IP為白名單。
		proxy_pass http://192.168.152.100:8081;
    }

    You can also read the file IP configuration

    geo $ip_list {
    default 0;
    #設置默認值為0
    include ip_white.conf;
}
server {
    listen       8081;
    server_name  192.168.152.100;
    
    location / {
        root   /var/www/test;
		index  index.html index.htm index.php;
		if ( $ip_list = 0 ) {
			return 403;
			#限制的IP返回值為403,也可以設置為503,504其他值。
			#建議設置503,504這樣返回的頁面不會暴露nginx相關信息,限制的IP看到的信息只顯示服務器錯誤,無法判斷真正原因。
    }

    Create ip_list in the /etc/nginx directory .conf, after adding the IP, view the following: 

    cat /etc/nginx/ip_list.conf

192.168.152.1 1;
192.168.150.0/24 1;

    When the setting is completed, the IP list file ip_list.conf will be used as a whitelist. If the requested IP is not in the list, the 403 page will be returned directly. The blacklist setting method is the same.

    3. ngx_http_geo_module load balancing (extension)

    ngx_http_geo_module, the module can also be used for load balancing, such as web clusters with servers in different regions, IP segments in a certain region, load balancing to access Servers in a certain region. A similar way is to add custom values ??behind the IP. These values ??are not limited to numbers, but letters can also be used, such as US, CN, etc.

    Example:

    If there are three servers: 122.11.11.11, 133.11.12.22, 144.11.11.33

    geo $country {
    default default;
    111.11.11.0/24   uk;
    #IP段定義值uk
    111.11.12.0/24   us;
    #IP段定義值us
    }
upstream  uk.server {
    erver 122.11.11.11:9090;
    #定義值uk的IP直接訪問此服務器
} 

upstream  us.server {
    server 133.11.12.22:9090;
    #定義值us的IP直接訪問此服務器
}

upstream  default.server {
    server 144.11.11.33:9090;
    #默認的定義值default的IP直接訪問此服務器
}
 
server {
    listen    9090;
    server_name 144.11.11.33;

    location / {
      root  /var/www/html/;
      index index.html index.htm;
     }
 }

    Then

    2. Country and region IP Restricting access

    Some third-party services such as cloudflare also provide setting options to make the setting of firewall rules more convenient. Here we talk about how to set up nginx.

    1: Install the ngx_http_geoip_module module

    ngx_http_geoip_module: Official document, the parameters need to be set in the http module.

    nginx does not build this module by default, it should be enabled using the --with-http_geoip_module configuration parameter.

    For Ubuntu systems, install nginx-extras components directly, including almost all modules. 

    sudo apt install nginx-extras

    For centos system, install the module. 

    yum install nginx-module-geoip

    2. Download the IP database

    This module depends on the IP database. All data is read in this database, and the ip library (dat format) needs to be downloaded.

    MaxMind provides a free IP geographical database. The bad news is that MaxMind has officially stopped supporting the dat format IP database.

    You can find dat format files in other places, or old versions. Of course, the data cannot be the latest, and there are some errors.

    Download includes country and city versions of both Ipv4 and Ipv6. 

    #下載國家IP庫,解壓并移動到nginx配置文件目錄,
sudo wget https://dl.miyuru.lk/geoip/maxmind/country/maxmind.dat.gz
gunzip maxmind.dat.gz
sudo mv maxmind.dat /etc/nginx/GeoCountry.dat

sudo wget https://dl.miyuru.lk/geoip/maxmind/city/maxmind.dat.gz
gunzip maxmind.dat.gz
sudo mv maxmind.dat /etc/nginx/GeoCity.dat

    3. Configure nginx

    Example: 

    geoip_country /etc/nginx/GeoCountry.dat;
geoip_city /etc/nginx/GeoCity.dat;

server {
    listen  80;
    server_name 144.11.11.33;

    location / {
      root  /var/www/html/;
      index index.html index.htm;
      if ($geoip_country_code = CN) {
  			return 403;
 		#中國地區(qū),拒絕訪問。返回403頁面
		}
  	}
 }

    Here, the regional and country basic settings are completed.

    Geoip other parameters:

    Country-related parameters:
    $geoip_country_code #Two-character English country code. For example: CN, US
    $geoip_country_code3 #A three-character English country code. For example: CHN, USA
    $geoip_country_name #The full English name of the country. For example: China, United States
    City related parameters:
    $geoip_city_country_code # is also a two-character English country code.
    $geoip_city_country_code3 #Same as above
    $geoip_city_country_name #Same as above.
    $geoip_region #This has been tested to be a two-digit number, such as 02 for Hangzhou and 23 for Shanghai. However, no relevant information was found. I hope friends who know more can leave a message.
    $geoip_city #The English name of the city. For example: Hangzhou
    $geoip_postal_code #The postal code of the city. After testing, this field is empty in China
    $geoip_city_continent_code #I don’t know what it is used for, but it seems to be AS
    $geoip_latitude #Latitude
    $geoip_longitude #Longitude

    The above is the detailed content of How do websites set black/whitelist IP restrictions and country and city IP access restrictions through nginx?. For more information, please follow other related articles on the PHP Chinese website!

    Statement of this Website
    The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

    Hot AI Tools

    Undress AI Tool

    Undress AI Tool

    Undress images for free

    Undresser.AI Undress

    Undresser.AI Undress

    AI-powered app for creating realistic nude photos

    AI Clothes Remover

    AI Clothes Remover

    Online AI tool for removing clothes from photos.

    Clothoff.io

    Clothoff.io

    AI clothes remover

    Video Face Swap

    Video Face Swap

    Swap faces in any video effortlessly with our completely free AI face swap tool!

    Hot Tools

    Notepad++7.3.1

    Notepad++7.3.1

    Easy-to-use and free code editor

    SublimeText3 Chinese version

    SublimeText3 Chinese version

    Chinese version, very easy to use

    Zend Studio 13.0.1

    Zend Studio 13.0.1

    Powerful PHP integrated development environment

    Dreamweaver CS6

    Dreamweaver CS6

    Visual web development tools

    SublimeText3 Mac version

    SublimeText3 Mac version

    God-level code editing software (SublimeText3)

    NGINX vs. Apache: Performance, Scalability, and Efficiency NGINX vs. Apache: Performance, Scalability, and Efficiency Apr 19, 2025 am 12:05 AM

    NGINX and Apache are both powerful web servers, each with unique advantages and disadvantages in terms of performance, scalability and efficiency. 1) NGINX performs well when handling static content and reverse proxying, suitable for high concurrency scenarios. 2) Apache performs better when processing dynamic content and is suitable for projects that require rich module support. The selection of a server should be decided based on project requirements and scenarios.

    NGINX vs. Apache: A Comparative Analysis of Web Servers NGINX vs. Apache: A Comparative Analysis of Web Servers Apr 21, 2025 am 12:08 AM

    NGINX is more suitable for handling high concurrent connections, while Apache is more suitable for scenarios where complex configurations and module extensions are required. 1.NGINX is known for its high performance and low resource consumption, and is suitable for high concurrency. 2.Apache is known for its stability and rich module extensions, which are suitable for complex configuration needs.

    NGINX and Apache: Understanding the Key Differences NGINX and Apache: Understanding the Key Differences Apr 26, 2025 am 12:01 AM

    NGINX and Apache each have their own advantages and disadvantages, and the choice should be based on specific needs. 1.NGINX is suitable for high concurrency scenarios because of its asynchronous non-blocking architecture. 2. Apache is suitable for low-concurrency scenarios that require complex configurations, because of its modular design.

    How to execute php code after writing php code? Several common ways to execute php code How to execute php code after writing php code? Several common ways to execute php code May 23, 2025 pm 08:33 PM

    PHP code can be executed in many ways: 1. Use the command line to directly enter the "php file name" to execute the script; 2. Put the file into the document root directory and access it through the browser through the web server; 3. Run it in the IDE and use the built-in debugging tool; 4. Use the online PHP sandbox or code execution platform for testing.

    After installing Nginx, the configuration file path and initial settings After installing Nginx, the configuration file path and initial settings May 16, 2025 pm 10:54 PM

    Understanding Nginx's configuration file path and initial settings is very important because it is the first step in optimizing and managing a web server. 1) The configuration file path is usually /etc/nginx/nginx.conf. The syntax can be found and tested using the nginx-t command. 2) The initial settings include global settings (such as user, worker_processes) and HTTP settings (such as include, log_format). These settings allow customization and extension according to requirements. Incorrect configuration may lead to performance issues and security vulnerabilities.

    How to limit user resources in Linux? How to configure ulimit? How to limit user resources in Linux? How to configure ulimit? May 29, 2025 pm 11:09 PM

    Linux system restricts user resources through the ulimit command to prevent excessive use of resources. 1.ulimit is a built-in shell command that can limit the number of file descriptors (-n), memory size (-v), thread count (-u), etc., which are divided into soft limit (current effective value) and hard limit (maximum upper limit). 2. Use the ulimit command directly for temporary modification, such as ulimit-n2048, but it is only valid for the current session. 3. For permanent effect, you need to modify /etc/security/limits.conf and PAM configuration files, and add sessionrequiredpam_limits.so. 4. The systemd service needs to set Lim in the unit file

    What are the Debian Nginx configuration skills? What are the Debian Nginx configuration skills? May 29, 2025 pm 11:06 PM

    When configuring Nginx on Debian system, the following are some practical tips: The basic structure of the configuration file global settings: Define behavioral parameters that affect the entire Nginx service, such as the number of worker threads and the permissions of running users. Event handling part: Deciding how Nginx deals with network connections is a key configuration for improving performance. HTTP service part: contains a large number of settings related to HTTP service, and can embed multiple servers and location blocks. Core configuration options worker_connections: Define the maximum number of connections that each worker thread can handle, usually set to 1024. multi_accept: Activate the multi-connection reception mode and enhance the ability of concurrent processing. s

    NGINX's Purpose: Serving Web Content and More NGINX's Purpose: Serving Web Content and More May 08, 2025 am 12:07 AM

    NGINXserveswebcontentandactsasareverseproxy,loadbalancer,andmore.1)ItefficientlyservesstaticcontentlikeHTMLandimages.2)Itfunctionsasareverseproxyandloadbalancer,distributingtrafficacrossservers.3)NGINXenhancesperformancethroughcaching.4)Itofferssecur

    See all articles