我正在尝试在 nginx 中为服务器上的几个子文件夹设置一些允许/拒绝指令。我正在修改 /etc/nginx/sites/enabled/default 文件,如下所示:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
client_max_body_size 20M;
root /usr/share/nginx/html;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location /nothingtosee {
auth_basic "Closed Website";
auth_basic_user_file /etc/nginx/pma_pass;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 240;
}
location /squirrelmail {
root /usr/share/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/(.+\.php)$ {
try_files $uri =404;
root /usr/share/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $request_filename;
include /etc/nginx/fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
}
location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /usr/share/;
}
}
location /webmail {
rewrite ^/* /squirrelmail last;
}
location /nginx_status {
stub_status on;
access_log off;
allow 10.1.1.28;
deny all;
}
location /ill {
allow 10.1.1.28;
allow 10.0.1.38;
deny all;
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}}
从任何 IP 地址查看包含允许/拒绝指令的目录时,我收到 403 Forbidden 错误。所有没有允许/拒绝的目录都可以正常工作。
我是 nginx 新手...我的配置中是否存在任何错误?
谢谢!
答案1
当从任何 IP 地址查看包含允许/拒绝指令的目录时,我收到 403 禁止错误。
这正是您告诉 nginx 要做的事情……
您拒绝除 IP10.1.1.28和之外的所有内容10.0.1.38。
我是 nginx 新手...我的配置中是否存在任何错误?
我们怎么知道?你甚至没有解释你在做什么……