Nginx 位置允许 IP 未按预期工作

tag-icon tag-icon ubuntu nginx
Nginx 位置允许 IP 未按预期工作

我需要你帮助设置位置允许,

location /route {
    deny [my-ip];
}

所以这是可行的,它不允许我访问路线

抛出此错误

403 Forbidden
nginx/1.10.0 (Ubuntu)

和这个...

location /route {
    allow [my-ip];
    deny all;
}

不让我访问,但它应该让我访问路线,不明白为什么,它显示此错误

404 Not Found
nginx/1.10.0 (Ubuntu)

配置文件(带有两个路线示例):

server {
listen 80 default_server;
listen [::]:80 default_server;

# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;

root /var/www/laravel/public;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm;

server_name [my-domain];

location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    try_files $uri $uri/ /index.php?$query_string;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
#
#   # With php7.0-cgi alone:
#   fastcgi_pass 127.0.0.1:9000;
#   # With php7.0-fpm:
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
    deny all;
}

# Phpmyadmin Configurations
location /phpmyadmin {
   root /usr/share/;
   index index.php index.html index.htm;
   location ~ ^/phpmyadmin/(.+\.php)$ {
           try_files $uri =404;
           root /usr/share/;
           #fastcgi_pass 127.0.0.1:9000;
           #fastcgi_param HTTPS on; # <-- add this line
           fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           include fastcgi_params;
   }
   location ~* ^/phpmyadmin/(.+\.
(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
           root /usr/share/;
   }
}

# Dealing with the uppercased letters
location /phpMyAdmin {
   rewrite ^/* /phpmyadmin last;
}

location /logs {
    deny [myip];
}

location /admin {
    allow [myip];
    deny all;
}
}

答案1

我不相信这是否特别安全,因为/index.php脚本仍然不受保护。但是您正在覆盖块try_files中的语句location /,因此您应该将其添加到新location块中:

location /admin {
    allow [my-ip];
    deny all;

    try_files $uri $uri/ /index.php?$query_string;
}

相关内容