Nginx - 阻止访问子文件夹

Nginx - 阻止访问子文件夹

这是一个带有 React 站点的 Next.js。使用 NPM 和 Nginx 代理在本地主机上运行。

我在虚拟主机中有以下 nginx 服务器块:

server {
        listen 443 ssl;
        server_name dev.sekretyrozwojuosobistego.pl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        client_max_body_size 15M;

        location /  {
                proxy_pass    http://localhost:4006;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

}

我想阻止访问/private

如果我以这种方式添加新位置,则会出现问题:

server {
        listen 443 ssl;
        server_name dev.sekretyrozwojuosobistego.pl;
    ssl_certificate /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/privkey.pem; # managed by Certbot

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        client_max_body_size 15M;


#       return 301 https://$host$request_uri;


        location /private {
               auth_basic  "Work in progress";
               auth_basic_user_file /etc/nginx/restricted/.htpasswd;
               proxy_pass    http://localhost:4006;

               proxy_http_version 1.1;
               proxy_set_header Upgrade $http_upgrade;
               proxy_set_header Connection 'upgrade';
               proxy_set_header Host $host;
               proxy_cache_bypass $http_upgrade;
        }


        location /  {
#               auth_basic  "Work in progress";
#               auth_basic_user_file /etc/nginx/restricted/.htpasswd;
                proxy_pass    http://localhost:4006;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

}

此解决方案的优点:

  • /private 只能通过密码访问

这个解决方案的缺点:我收到这样的错误:

Failed to load resource: the server responded with a status of 404 ()
webpack-917a29e0b939a068b2f9.js:1 Failed to load resource: the server responded with a status of 404 ()
_app-9d47fe6f5703c9f8e12f.js:1 Failed to load resource: the server responded with a status of 404 ()
_buildManifest.js:1 Failed to load resource: the server responded with a status of 404 ()
_ssgManifest.js:1 Failed to load resource: the server responded with a status of 404 ()

如果我注释掉/private位置块,404 错误就不会再发生。

我做错了吗?该如何解决?

编辑:我可以让它以这种方式工作:

            location /  {
#                   auth_basic  "Work in progress";
#                   auth_basic_user_file /etc/nginx/restricted/.htpasswd;
                    proxy_pass    http://localhost:4006;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection 'upgrade';
                    proxy_set_header Host $host;
                    proxy_cache_bypass $http_upgrade;
            }
    
    
            location ^~/private {
                    auth_basic  "Work in progress";
                    auth_basic_user_file /etc/nginx/restricted/.htpasswd;
                     proxy_pass    http://localhost:4006;
           }

但是我不确定是否应该这样,^~/private否则......

我想要阻止的是:/private /private/ /private? /private?whatever /private/whatever

答案1

它会阻止所有以“private”开头的请求

location ~ ^/private {
        deny all;
    }

这仅接受来自您指定的 IP 地址的请求。

location ~ ^/private {
        allow 192.168.1.100;
        allow 192.168.1.101;
        deny all;
    }

相关内容