1. Set the directory whitelist: There is no restriction on the specified request path. If there is no restriction on the request path to the api directory, it can be written as
server{
location /app {
proxy_pass http://192.168.1.111:8095/app;
limit_conn conn 20;
limit_rate 500k;
limit_req zone=foo burst=5 nodelay;
}
location /app/api {
proxy_pass http://192.168.1.111:8095/app/api
}
}
# 因nginx会优先进行精准匹配,所以以上写法即接触了对api目录下属路径的限制2. To set the IP whitelist, you need to use nginx geo and nginx map
If there is no manual deletion (--without-http_geo_module or --without-http_map_module), nginx loads it by default ngx-http-geo-module and ngx-http-map-module related content;
ngx-http-geo-module can be used to create variables, the variable value depends on the client ip address;
ngx-http-map-module can create variables based on other variables and variable values, which allows classification, or mapping multiple variables to different values and storing them in one variable;
nginx geo 格式说明
syntax ( 语法格式 ): geo [$address] $variable { ... }
default ( 默认 ): -
content ( 配置段位 ): http
nginx map 格式说明
syntax ( 语法格式 ): map string $variable { ... }
default ( 默认 ):-
content ( 配置段位 ): http
白名单配置示例
http{
# ... 其他配置内容
#定义白名单ip列表变量
geo $whiteiplist {
default 1 ;
127.0.0.1/32 0;
64.223.160.0/19 0;
}
#使用map指令映射将白名单列表中客户端请求ip为空串
map $whiteiplist $limit{
1 $binary_remote_addr ;
0 "";
}
#配置请求限制内容
limit_conn_zone $limit zone=conn:10m;
limit_req_zone $limit zone=allips:10m rate=20r/s;
server{
location /yourapplicationname {
proxy_pass http://192.168.1.111:8095/app;
limit_conn conn 50;
limit_rate 500k;
limit_req zone=allips burst=5 nodelay;
}
}
}
白名单配置可用于对合作客户,搜索引擎等请求过滤限制
#(特殊情况处理)
#如果想仅限制指定的请求,如:只限制post请求,则:
http{
# 其他请求..
#请求地址map映射
map $request_method $limit {
default "";
post $binary_remote_addr;
}
#限制定义
limit_req_zone $limit zone=reqlimit:20m rate=10r/s;
server{
... #与普通限制一致
}
}
#在此基础上,想进行指定方法的白名单限制处理,则:
http{
#...
#定义白名单列表
map $whiteiplist $limitips{
1 $binary_remote_addr;
0 "";
}
#基于白名单列表,定义指定方法请求限制
map $request_method $limit {
default "";
# post $binary_remote_addr;
post $limitips;
}
#对请求进行引用
limit_req_zone $limit zone=reqlimit:20m rate=10r/s;
#在server中进行引用
server{
#... 与普通限制相同
}
}The above is the detailed content of How to set directory whitelist and ip whitelist in nginx. For more information, please follow other related articles on the PHP Chinese website!
NGINX and Web Hosting: Serving Files and Managing TrafficMay 03, 2025 am 12:14 AMNGINX can be used to serve files and manage traffic. 1) Configure NGINX service static files: define the listening port and file directory. 2) Implement load balancing and traffic management: Use upstream module and cache policies to optimize performance.
NGINX vs. Apache: Comparing Web Server TechnologiesMay 02, 2025 am 12:08 AMNGINX is suitable for handling high concurrency and static content, while Apache is suitable for dynamic content and complex URL rewrites. 1.NGINX adopts an event-driven model, suitable for high concurrency. 2. Apache uses process or thread model, which is suitable for dynamic content. 3. NGINX configuration is simple, Apache configuration is complex but more flexible.
NGINX and Apache: Deployment and ConfigurationMay 01, 2025 am 12:08 AMNGINX and Apache each have their own advantages, and the choice depends on the specific needs. 1.NGINX is suitable for high concurrency, with simple deployment, and configuration examples include virtual hosts and reverse proxy. 2. Apache is suitable for complex configurations and is equally simple to deploy. Configuration examples include virtual hosts and URL rewrites.
NGINX Unit's Purpose: Running Web ApplicationsApr 30, 2025 am 12:06 AMThe purpose of NGINXUnit is to simplify the deployment and management of web applications. Its advantages include: 1) Supports multiple programming languages, such as Python, PHP, Go, Java and Node.js; 2) Provides dynamic configuration and automatic reloading functions; 3) manages application lifecycle through a unified API; 4) Adopt an asynchronous I/O model to support high concurrency and load balancing.
NGINX: An Introduction to the High-Performance Web ServerApr 29, 2025 am 12:02 AMNGINX started in 2002 and was developed by IgorSysoev to solve the C10k problem. 1.NGINX is a high-performance web server, an event-driven asynchronous architecture, suitable for high concurrency. 2. Provide advanced functions such as reverse proxy, load balancing and caching to improve system performance and reliability. 3. Optimization techniques include adjusting the number of worker processes, enabling Gzip compression, using HTTP/2 and security configuration.
NGINX vs. Apache: A Look at Their ArchitecturesApr 28, 2025 am 12:13 AMThe main architecture difference between NGINX and Apache is that NGINX adopts event-driven, asynchronous non-blocking model, while Apache uses process or thread model. 1) NGINX efficiently handles high-concurrent connections through event loops and I/O multiplexing mechanisms, suitable for static content and reverse proxy. 2) Apache adopts a multi-process or multi-threaded model, which is highly stable but has high resource consumption, and is suitable for scenarios where rich module expansion is required.
NGINX vs. Apache: Examining the Pros and ConsApr 27, 2025 am 12:05 AMNGINX is suitable for handling high concurrent and static content, while Apache is suitable for complex configurations and dynamic content. 1. NGINX efficiently handles concurrent connections, suitable for high-traffic scenarios, but requires additional configuration when processing dynamic content. 2. Apache provides rich modules and flexible configurations, which are suitable for complex needs, but have poor high concurrency performance.
NGINX and Apache: Understanding the Key DifferencesApr 26, 2025 am 12:01 AMNGINX and Apache each have their own advantages and disadvantages, and the choice should be based on specific needs. 1.NGINX is suitable for high concurrency scenarios because of its asynchronous non-blocking architecture. 2. Apache is suitable for low-concurrency scenarios that require complex configurations, because of its modular design.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Chinese version
Chinese version, very easy to use
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
