%24.png)
我已经读了很多关于nginx最近在网上找到了 2 种方法。第一种方法似乎适用于服务器上下文级别,第二种方法推荐用于位置上下文级别。
问题。limit_except在服务器上下文级别使用是否合适?
方法 #1($request_method) 嵌入变量
# server context
#
# Disable unwanted HTTP methods
# Most of the time, you need just GET, HEAD & POST HTTP request in your web application.
# Allowing TRACE or DELETE is risky as it can allow Cross-Site Tracking attack and potentially
# allow an attacker to steal the cookie information.
# So we return a 405 Not Allowed if someone is trying to use TRACE, DELETE, PUT, OPTIONS.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 405;
}
方法 #2(limit_except) 方法
# Limits allowed HTTP methods inside a location.
. . .
location /restricted-write {
# location context
limit_except GET HEAD {
# limit_except context
allow 192.168.1.1/24;
deny all;
}
}
答案1
不可以,您不能limit_except在server上下文级别使用。location根据ngx_http_core_module 文档:
句法:
limit_except method ... { ... }默认:
—语境:
location
limit_except方法#1是类似功能的解决方法/替代方案,但需要注意的是,您的示例将给出 HTTP 状态 405 响应,而不是响应的403 状态。
答案2
方法 2 可以简化为
limit_except GET {
}
HEAD将允许按照http://nginx.org/en/docs/http/ngx_http_core_module.html#limit_except