即使我从允许的 IP 进行连接,Nginx 仍然会抛出 403

即使我从允许的 IP 进行连接,Nginx 仍然会抛出 403

即使我从允许的 IP 连接,以下代码也会抛出 403

location /railo-context/admin {
    allow 1.2.3.4 #my ip 
    deny all;
}

这是整个文件:

server {
  listen 8080;

  server_name $hostname;

  # root should be out of location blocks according to Nginx best practices
  root   /opt/railo/tomcat/webapps/$host;

  # index files
  index index.htm index.html index.cfm index.cfml; 

  location / {
    try_files $uri @rewrite;
  }

  # This block will catch static file requests, such as images, css, js
  # The ?: prefix is a 'non-capturing' mark, meaning we do not require
  # the pattern to be captured into $1 which should help improve performance
  location ~* \.(?:ico|css|js|gif|jpe?g|png|bmp|html|htm)$ {
    # Some basic cache-control for static files to be sent to the browser
    expires max;
    add_header Pragma public;
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
  }

  location /railo-context/admin {
    # include the external ip of the server or any other fixed ip 
    # in order to prevent access to Railo Admin by others
    allow 1.2.3.4; 
    deny all;
    # include all proxy related settings from the proxy_params file
    include proxy_params;
  }

  location @rewrite {

    rewrite ^ /rewrite.cfm/$request_uri break;

    #include all proxy related settings from the proxy_params file
    include proxy_params;
  }

  # this prevents any aspx,php,jsp,cgi or perl files from being served
  location ~ \.(aspx|php|jsp|pl|cgi|perl|prl)$ {
    return 410;
  }

  # this prevents hidden files (beginning with a period) from being served
  location ~ /\. { 
    access_log off; log_not_found off; deny all; 
  }

}

答案1

对于确切的意图有点不清楚,但我尽可能给出最好的解释:allow 1.2.3.4 #my ip因为allow 1.2.3.4; #my ip它缺少分号。

还,

location /railo-context/admin {

location /railo-context/admin/ {

这样它就与文件夹及其下的所有内容相匹配。

相关内容