URI-based ACL configuration in Nginx reverse proxy-Nginx-php.cn

Home

Operation and Maintenance

Nginx

URI-based ACL configuration in Nginx reverse proxy

王林

Jun 10, 2023 am 10:42 AM

nginxreverse proxyacl configuration

Nginx is an open source high-performance web server and reverse proxy server that can easily handle a large number of concurrent requests. Nginx integrates a variety of functional modules, among which ACL (Access Control List) is an important configuration method. ACL allows administrators to control which users or IP addresses can access the Nginx server, thereby improving the security and reliability of the web server. This article will introduce how to use ACL configuration in Nginx reverse proxy to control access permissions based on URI.

What is ACL?

ACL, full name Access Control List, Chinese name Access Control List, is a technical means to control access rights. It allows or denies access to specific users or IP addresses, thereby protecting your web server from malicious attacks.

There are two ways to implement ACL in Nginx, one is ACL based on IP address, and the other is ACL based on URI. This article will focus on URI-based ACLs.

URI-based ACL configuration

URI-based ACL is a relatively common and flexible means of controlling access permissions. By filtering the requested URI, user access rights can be controlled by category.

Let’s look at a specific example. Suppose our web application has two modules, one is the background management module and the other is the front-end user module. The access URIs for these two modules are different.

We can use the ACL function of Nginx to cooperate with the reverse proxy module to achieve access control to these two modules. First, we need to add the following ACL rules to the Nginx configuration file:

location / {

proxy_pass http://backend;
allow 192.168.1.0/24; # 允许192.168.1.0/24网段的访问
deny all; # 拒绝其他所有IP地址的访问

}

location /admin {

proxy_pass http://backend;
allow 192.168.1.10; # 允许指定IP地址的访问
deny all; # 拒绝其他所有IP地址的访问

}

In the above configuration, we set different ACL rules for all URIs and /admin URIs. For all URIs, we only allow IP addresses in the 192.168.1.0/24 network segment to be accessible. For /admin URI, we only allow the specified IP address to be accessed, and other IP addresses are rejected.

It should be noted that the order of ACL rules is very important. Nginx first matches the longest URI. If the match is successful, the ACL rule corresponding to the URI is used. If the URI matches multiple ACL rules, the first matching ACL rule will be used.

Regular expression-based ACL configuration

In addition to URI-based ACL configuration, Nginx also supports regular expression-based ACL configuration. This method is more flexible and can be customized according to different needs.

Let’s take a look at an example. Suppose we need to control access to all URIs starting with /api, we can use the following ACL configuration:

location ~ ^/api/(.*)$ {

proxy_pass http://backend;
allow 192.168.1.0/24; # 允许192.168.1.0/24网段的访问
deny all; # 拒绝其他所有IP地址的访问

}

In the above configuration, we use regular expressions to match all URIs starting with /api, and set the corresponding ACL rules.

It should be noted that using regular expressions for ACL configuration may cause some performance overhead. Therefore, we recommend using URI-based ACL configuration whenever possible.

Summary

ACL is a very important means of controlling access permissions in Nginx reverse proxy. URI-based ACL configuration can set different access permissions for different URIs. ACL configuration based on regular expressions is more flexible and can be customized according to different needs. For different application scenarios, we can choose different ACL configuration methods. At the same time, in order to improve performance, we should try to avoid using complex regular expressions for ACL configuration.

The above is the detailed content of URI-based ACL configuration in Nginx reverse proxy. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

NGINX vs. Apache: Performance, Scalability, and EfficiencyApr 19, 2025 am 12:05 AM

NGINX and Apache are both powerful web servers, each with unique advantages and disadvantages in terms of performance, scalability and efficiency. 1) NGINX performs well when handling static content and reverse proxying, suitable for high concurrency scenarios. 2) Apache performs better when processing dynamic content and is suitable for projects that require rich module support. The selection of a server should be decided based on project requirements and scenarios.

The Ultimate Showdown: NGINX vs. ApacheApr 18, 2025 am 12:02 AM

NGINX is suitable for handling high concurrent requests, while Apache is suitable for scenarios where complex configurations and functional extensions are required. 1.NGINX adopts an event-driven, non-blocking architecture, and is suitable for high concurrency environments. 2. Apache adopts process or thread model to provide a rich module ecosystem that is suitable for complex configuration needs.

NGINX in Action: Examples and Real-World ApplicationsApr 17, 2025 am 12:18 AM

NGINX can be used to improve website performance, security, and scalability. 1) As a reverse proxy and load balancer, NGINX can optimize back-end services and share traffic. 2) Through event-driven and asynchronous architecture, NGINX efficiently handles high concurrent connections. 3) Configuration files allow flexible definition of rules, such as static file service and load balancing. 4) Optimization suggestions include enabling Gzip compression, using cache and tuning the worker process.

NGINX Unit: Supporting Different Programming LanguagesApr 16, 2025 am 12:15 AM

NGINXUnit supports multiple programming languages and is implemented through modular design. 1. Loading language module: Load the corresponding module according to the configuration file. 2. Application startup: Execute application code when the calling language runs. 3. Request processing: forward the request to the application instance. 4. Response return: Return the processed response to the client.

Choosing Between NGINX and Apache: The Right Fit for Your NeedsApr 15, 2025 am 12:04 AM

NGINX and Apache have their own advantages and disadvantages and are suitable for different scenarios. 1.NGINX is suitable for high concurrency and low resource consumption scenarios. 2. Apache is suitable for scenarios where complex configurations and rich modules are required. By comparing their core features, performance differences, and best practices, you can help you choose the server software that best suits your needs.

How to start nginxApr 14, 2025 pm 01:06 PM

Question: How to start Nginx? Answer: Install Nginx Startup Nginx Verification Nginx Is Nginx Started Explore other startup options Automatically start Nginx

How to check whether nginx is startedApr 14, 2025 pm 01:03 PM

How to confirm whether Nginx is started: 1. Use the command line: systemctl status nginx (Linux/Unix), netstat -ano | findstr 80 (Windows); 2. Check whether port 80 is open; 3. Check the Nginx startup message in the system log; 4. Use third-party tools, such as Nagios, Zabbix, and Icinga.

How to close nginxApr 14, 2025 pm 01:00 PM

To shut down the Nginx service, follow these steps: Determine the installation type: Red Hat/CentOS (systemctl status nginx) or Debian/Ubuntu (service nginx status) Stop the service: Red Hat/CentOS (systemctl stop nginx) or Debian/Ubuntu (service nginx stop) Disable automatic startup (optional): Red Hat/CentOS (systemctl disabled nginx) or Debian/Ubuntu (syst

See all articles