Whitelist-based access control configuration in Nginx reverse proxy-Nginx-php.cn

Home

Operation and Maintenance

Nginx

Whitelist-based access control configuration in Nginx reverse proxy

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 10, 2023 am 08:28 AM

nginxreverse proxyAccess control

Nginx is a high-performance HTTP server and reverse proxy server with the advantages of stability and scalability. To protect web servers from malicious users and malicious programs, many businesses and organizations implement access control measures. This article will introduce how to control reverse proxy access through whitelisting in Nginx.

1. What is a reverse proxy?

Reverse proxy refers to a Web server configuration method that hides the Web server behind a group of proxy servers. The address of the reverse proxy server is visible to the client. The reverse proxy server is responsible for forwarding the client's request to the real Web server and returning the Web server's response to the client. A reverse proxy can increase your web server's throughput and prevent attacks.

2. Why is access control needed?

Web servers usually face access from all over the world, and some of the requests may come from malicious users or malicious programs. These malicious requests may lead to security issues such as web server paralysis, data leakage, tampering and theft of sensitive information. In order to prevent these problems, it is usually necessary to implement an access control mechanism to restrict only specific IP addresses, domain names or users from accessing the web server.

3. How does Nginx implement access control based on whitelist?

Define the IP addresses that are allowed to be accessed

In the nginx.conf configuration file, you can use the allow directive to specify the IP addresses that are allowed to access, for example:

http {
    #定义白名单
    geo $whitelist {
        default 0;
        10.0.0.0/8 1;
        192.168.0.0/16 1;
    }

    server {
        listen 80;
        server_name example.com;
        location / {
            #指定允许访问的IP地址
            allow $whitelist;
            #禁止其他IP地址的访问
            deny all;
            #...
        }
    }
}

In the above configuration file, use the geo directive to define the whitelist. Among them, $whitelist is a variable indicating the IP addresses that are allowed to be accessed. By default, the value of $whitelist is 0, indicating that access is not allowed. If the accessed IP address is within the 10.0.0.0/8 or 192.168.0.0/16 network segment, the value of $whitelist is 1 and access is allowed. In the location, use the allow directive to specify that access to the IP addresses in the $whitelist variable is allowed, and use the deny directive to prohibit access to other IP addresses.

Define the domain names that are allowed to be accessed

In the nginx.conf configuration file, you can use the server_name directive to specify the domain names that are allowed to be accessed, for example:

http {
    #定义白名单
    server {
        listen       80;
        server_name  example.com;

        #允许访问的域名
        if ($host !~* ^(example.com)$ ) {
            return 403;
        }
        
        location / {
            #...
        }
    }
}

In the above configuration file, use the server_name directive to specify that only access to the example.com domain name is allowed. In location, if the requested domain name is not example.com, a 403 error will be returned directly.

Define users allowed to access

In the nginx configuration file, you can use HTTP Basic Authentication or other authentication mechanisms to restrict only authenticated users from accessing the web server. For example, using HTTP Basic Authentication, the username and password can be encrypted and placed in the HTTP header. Nginx authenticates the request, and only authenticated users can access the Nginx server. In the nginx.conf configuration file, you can use the auth_basic and auth_basic_user_file directives to implement HTTP Basic Authentication, for example:

http {
    #定义白名单
    server {
        listen       80;
        server_name  example.com;

        #Nginx对请求进行认证
        auth_basic           "Restricted Area";
        auth_basic_user_file conf.d/.htpasswd;
        
        location / {
            #...
        }
    }
}

In the above configuration file, specify the auth_basic directive in the server to describe the area information that requires authentication. Use the auth_basic_user_file directive to specify the path to the password file. Only authenticated users can access the web server.

4. Summary

Reverse proxy can improve the throughput of the Web server and prevent attacks. The access control mechanism can protect the Web server from attacks from malicious users and malicious programs. In Nginx, whitelist-based access control can be used to control reverse proxy access and protect the security of the web server. As needed, you can define the IP addresses, domain names or users that are allowed to access to improve the security of the reverse proxy.

The above is the detailed content of Whitelist-based access control configuration in Nginx reverse proxy. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

NGINX Unit: The Architecture and How It WorksApr 23, 2025 am 12:18 AM

NGINXUnit improves application performance and manageability with its modular architecture and dynamic reconfiguration capabilities. 1) Modular design includes master processes, routers and application processes, supporting efficient management and expansion. 2) Dynamic reconfiguration allows seamless update of configuration at runtime, suitable for CI/CD environments. 3) Multilingual support is implemented through dynamic loading of language runtime, improving development flexibility. 4) High performance is achieved through event-driven models and asynchronous I/O, and remains efficient even under high concurrency. 5) Security is improved by isolating application processes and reducing the mutual influence between applications.

Using NGINX Unit: Deploying and Managing ApplicationsApr 22, 2025 am 12:06 AM

NGINXUnit can be used to deploy and manage applications in multiple languages. 1) Install NGINXUnit. 2) Configure it to run different types of applications such as Python and PHP. 3) Use its dynamic configuration function for application management. Through these steps, you can efficiently deploy and manage applications and improve project efficiency.

NGINX vs. Apache: A Comparative Analysis of Web ServersApr 21, 2025 am 12:08 AM

NGINX is more suitable for handling high concurrent connections, while Apache is more suitable for scenarios where complex configurations and module extensions are required. 1.NGINX is known for its high performance and low resource consumption, and is suitable for high concurrency. 2.Apache is known for its stability and rich module extensions, which are suitable for complex configuration needs.

NGINX Unit's Advantages: Flexibility and PerformanceApr 20, 2025 am 12:07 AM

NGINXUnit improves application flexibility and performance with its dynamic configuration and high-performance architecture. 1. Dynamic configuration allows the application configuration to be adjusted without restarting the server. 2. High performance is reflected in event-driven and non-blocking architectures and multi-process models, and can efficiently handle concurrent connections and utilize multi-core CPUs.

NGINX vs. Apache: Performance, Scalability, and EfficiencyApr 19, 2025 am 12:05 AM

NGINX and Apache are both powerful web servers, each with unique advantages and disadvantages in terms of performance, scalability and efficiency. 1) NGINX performs well when handling static content and reverse proxying, suitable for high concurrency scenarios. 2) Apache performs better when processing dynamic content and is suitable for projects that require rich module support. The selection of a server should be decided based on project requirements and scenarios.

The Ultimate Showdown: NGINX vs. ApacheApr 18, 2025 am 12:02 AM

NGINX is suitable for handling high concurrent requests, while Apache is suitable for scenarios where complex configurations and functional extensions are required. 1.NGINX adopts an event-driven, non-blocking architecture, and is suitable for high concurrency environments. 2. Apache adopts process or thread model to provide a rich module ecosystem that is suitable for complex configuration needs.

NGINX in Action: Examples and Real-World ApplicationsApr 17, 2025 am 12:18 AM

NGINX can be used to improve website performance, security, and scalability. 1) As a reverse proxy and load balancer, NGINX can optimize back-end services and share traffic. 2) Through event-driven and asynchronous architecture, NGINX efficiently handles high concurrent connections. 3) Configuration files allow flexible definition of rules, such as static file service and load balancing. 4) Optimization suggestions include enabling Gzip compression, using cache and tuning the worker process.

NGINX Unit: Supporting Different Programming LanguagesApr 16, 2025 am 12:15 AM

NGINXUnit supports multiple programming languages and is implemented through modular design. 1. Loading language module: Load the corresponding module according to the configuration file. 2. Application startup: Execute application code when the calling language runs. 3. Request processing: forward the request to the application instance. 4. Response return: Return the processed response to the client.

See all articles