即使我从允许的 IP 连接,以下代码也会抛出 403
location /railo-context/admin {
allow 1.2.3.4 #my ip
deny all;
}
这是整个文件:
server {
listen 8080;
server_name $hostname;
# root should be out of location blocks according to Nginx best practices
root /opt/railo/tomcat/webapps/$host;
# index files
index index.htm index.html index.cfm index.cfml;
location / {
try_files $uri @rewrite;
}
# This block will catch static file requests, such as images, css, js
# The ?: prefix is a 'non-capturing' mark, meaning we do not require
# the pattern to be captured into $1 which should help improve performance
location ~* \.(?:ico|css|js|gif|jpe?g|png|bmp|html|htm)$ {
# Some basic cache-control for static files to be sent to the browser
expires max;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location /railo-context/admin {
# include the external ip of the server or any other fixed ip
# in order to prevent access to Railo Admin by others
allow 1.2.3.4;
deny all;
# include all proxy related settings from the proxy_params file
include proxy_params;
}
location @rewrite {
rewrite ^ /rewrite.cfm/$request_uri break;
#include all proxy related settings from the proxy_params file
include proxy_params;
}
# this prevents any aspx,php,jsp,cgi or perl files from being served
location ~ \.(aspx|php|jsp|pl|cgi|perl|prl)$ {
return 410;
}
# this prevents hidden files (beginning with a period) from being served
location ~ /\. {
access_log off; log_not_found off; deny all;
}
}
答案1
对于确切的意图有点不清楚,但我尽可能给出最好的解释:allow 1.2.3.4 #my ip
因为allow 1.2.3.4; #my ip
它缺少分号。
还,
location /railo-context/admin {
到
location /railo-context/admin/ {
这样它就与文件夹及其下的所有内容相匹配。