Nginx - Setting up firewall bypass prevention


I want to set up firewall bypass prevention in my Nginx. To do this, I need to add the following directives to the Nginx configuration:

location / {
    allow xxx.xx.xxx.x/xx;
    allow xxx.xx.xxx.x/xx;
    allow xxxx:xxxx::/xx;
    allow xx.xxx.xxx.x/xx;
    allow xxx.xxx.x.x/xx;
    deny all;
    # Existing NGINX rules
}

I already have the following location directive under the server directive:

location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    #try_files $uri $uri/ =404;
    try_files $uri $uri/ /index.php?q=$uri&$args;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
}

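The question is, do I need to add a new location directive for the firewall bypass prevention, or do I have to append the firewall bypass prevention to the existing location, as shown below: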

location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    #try_files $uri $uri/ =404;
    try_files $uri $uri/ /index.php?q=$uri&$args;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
    allow xxx.xx.xxx.x/xx;
    allow xxx.xx.xxx.x/xx;
    allow xxxx:xxxx::/xx;
    allow xx.xxx.xxx.x/xx;
    allow xxx.xxx.x.x/xx;
    deny all;
    # Existing NGINX rules
}

Any ideas?

Answer 1

You most likely want to move the allow / deny directives outside of any location and place them directly inside server {}. Then they will apply to all locations.
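
The layout this answer describes, written out as an added example that is not part of the original answer: the addresses are documentation-range placeholders standing in for the asker's redacted list, and listen, server_name, root and the /healthz location are assumed for illustration. The access rules sit in server context, and the second location shows that declaring allow/deny inside a location replaces the inherited list for that location instead of extending it.

```nginx
server {
    listen 80;
    server_name example.com;       # assumed name
    root /var/www/html;            # assumed document root

    # Access rules in server context. Every location below inherits
    # them unless it declares allow/deny directives of its own.
    # Placeholder ranges (constructed); substitute the firewall's
    # published egress ranges.
    allow 192.0.2.0/24;
    allow 198.51.100.0/24;
    allow 2001:db8::/32;
    deny  all;

    location / {
        # No allow/deny here, so the server-level list applies.
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # Hypothetical location, included to show the inheritance rule.
    location = /healthz {
        # Any allow/deny at this level REPLACES the server-level list
        # for this location, so the list must be complete on its own
        # and must end with its own "deny all".
        allow 127.0.0.1;
        deny  all;
        return 204;
    }
}
```

Run nginx -t to validate the configuration before reloading. The allow and deny directives match the address of the connecting peer, so the list has to contain the ranges the firewall connects from.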
