我想在我的 Nginx 中设置防火墙绕过预防。为此,我需要在 Nginx 配置中添加以下指令:
location / {
allow xxx.xx.xxx.x/xx;
allow xxx.xx.xxx.x/xx;;
allow xxxx:xxxx::/xx;
allow xx.xxx.xxx.x/xx;
allow xxx.xxx.x.x/xx;
deny all;
# Existing NGINX rules
}
我已经获得服务器指令下的位置指令如下:
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
问题是,我是否需要为防火墙绕过预防添加新的位置指令,或者我必须在现有位置附加防火墙绕过预防,如下所示:
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
allow xxx.xx.xxx.x/xx;
allow xxx.xx.xxx.x/xx;;
allow xxxx:xxxx::/xx;
allow xx.xxx.xxx.x/xx;
allow xxx.xxx.x.x/xx;
deny all;
# Existing NGINX rules
}
任何想法?
答案1
您很可能希望将allow
和deny
指令移动到 任何 的外部location
并直接放置在 内server {}
。然后它将应用于所有位置。