URI-based ACL configuration in Nginx reverse proxy-Nginx-php.cn

Home

Operation and Maintenance

Nginx

URI-based ACL configuration in Nginx reverse proxy

王林

Jun 10, 2023 am 10:42 AM

nginxreverse proxyacl configuration

Nginx is an open source high-performance web server and reverse proxy server that can easily handle a large number of concurrent requests. Nginx integrates a variety of functional modules, among which ACL (Access Control List) is an important configuration method. ACL allows administrators to control which users or IP addresses can access the Nginx server, thereby improving the security and reliability of the web server. This article will introduce how to use ACL configuration in Nginx reverse proxy to control access permissions based on URI.

What is ACL?

ACL, full name Access Control List, Chinese name Access Control List, is a technical means to control access rights. It allows or denies access to specific users or IP addresses, thereby protecting your web server from malicious attacks.

There are two ways to implement ACL in Nginx, one is ACL based on IP address, and the other is ACL based on URI. This article will focus on URI-based ACLs.

URI-based ACL configuration

URI-based ACL is a relatively common and flexible means of controlling access permissions. By filtering the requested URI, user access rights can be controlled by category.

Let’s look at a specific example. Suppose our web application has two modules, one is the background management module and the other is the front-end user module. The access URIs for these two modules are different.

We can use the ACL function of Nginx to cooperate with the reverse proxy module to achieve access control to these two modules. First, we need to add the following ACL rules to the Nginx configuration file:

location / {

proxy_pass http://backend;
allow 192.168.1.0/24; # 允许192.168.1.0/24网段的访问
deny all; # 拒绝其他所有IP地址的访问

}

location /admin {

proxy_pass http://backend;
allow 192.168.1.10; # 允许指定IP地址的访问
deny all; # 拒绝其他所有IP地址的访问

}

In the above configuration, we set different ACL rules for all URIs and /admin URIs. For all URIs, we only allow IP addresses in the 192.168.1.0/24 network segment to be accessible. For /admin URI, we only allow the specified IP address to be accessed, and other IP addresses are rejected.

It should be noted that the order of ACL rules is very important. Nginx first matches the longest URI. If the match is successful, the ACL rule corresponding to the URI is used. If the URI matches multiple ACL rules, the first matching ACL rule will be used.

Regular expression-based ACL configuration

In addition to URI-based ACL configuration, Nginx also supports regular expression-based ACL configuration. This method is more flexible and can be customized according to different needs.

Let’s take a look at an example. Suppose we need to control access to all URIs starting with /api, we can use the following ACL configuration:

location ~ ^/api/(.*)$ {

proxy_pass http://backend;
allow 192.168.1.0/24; # 允许192.168.1.0/24网段的访问
deny all; # 拒绝其他所有IP地址的访问

}

In the above configuration, we use regular expressions to match all URIs starting with /api, and set the corresponding ACL rules.

It should be noted that using regular expressions for ACL configuration may cause some performance overhead. Therefore, we recommend using URI-based ACL configuration whenever possible.

Summary

ACL is a very important means of controlling access permissions in Nginx reverse proxy. URI-based ACL configuration can set different access permissions for different URIs. ACL configuration based on regular expressions is more flexible and can be customized according to different needs. For different application scenarios, we can choose different ACL configuration methods. At the same time, in order to improve performance, we should try to avoid using complex regular expressions for ACL configuration.

The above is the detailed content of URI-based ACL configuration in Nginx reverse proxy. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

The Advantages of NGINX: Speed, Efficiency, and ControlMay 12, 2025 am 12:13 AM

The reason why NGINX is popular is its advantages in speed, efficiency and control. 1) Speed: Adopt asynchronous and non-blocking processing, supports high concurrent connections, and has strong static file service capabilities. 2) Efficiency: Low memory usage and powerful load balancing function. 3) Control: Through flexible configuration file management behavior, modular design facilitates expansion.

NGINX vs. Apache: Community, Support, and ResourcesMay 11, 2025 am 12:19 AM

The differences between NGINX and Apache in terms of community, support and resources are as follows: 1. Although the NGINX community is small, it is active and professional, and official support provides advanced features and professional services through NGINXPlus. 2.Apache has a huge and active community, and official support is mainly provided through rich documentation and community resources.

NGINX Unit: An Introduction to the Application ServerMay 10, 2025 am 12:17 AM

NGINXUnit is an open source application server that supports a variety of programming languages and frameworks, such as Python, PHP, Java, Go, etc. 1. It supports dynamic configuration and can adjust application configuration without restarting the server. 2.NGINXUnit supports multi-language applications, simplifying the management of multi-language environments. 3. With configuration files, you can easily deploy and manage applications, such as running Python and PHP applications. 4. It also supports advanced configurations such as routing and load balancing to help manage and scale applications.

Using NGINX: Optimizing Website Performance and ReliabilityMay 09, 2025 am 12:19 AM

NGINX can improve website performance and reliability by: 1. Process static content as a web server; 2. forward requests as a reverse proxy server; 3. allocate requests as a load balancer; 4. Reduce backend pressure as a cache server. NGINX can significantly improve website performance through configuration optimizations such as enabling Gzip compression and adjusting connection pooling.

NGINX's Purpose: Serving Web Content and MoreMay 08, 2025 am 12:07 AM

NGINXserveswebcontentandactsasareverseproxy,loadbalancer,andmore.1)ItefficientlyservesstaticcontentlikeHTMLandimages.2)Itfunctionsasareverseproxyandloadbalancer,distributingtrafficacrossservers.3)NGINXenhancesperformancethroughcaching.4)Itofferssecur

NGINX Unit: Streamlining Application DeploymentMay 07, 2025 am 12:08 AM

NGINXUnit simplifies application deployment with dynamic configuration and multilingual support. 1) Dynamic configuration can be modified without restarting the server. 2) Supports multiple programming languages, such as Python, PHP, and Java. 3) Adopt asynchronous non-blocking I/O model to improve high concurrency processing performance.

NGINX's Impact: Web Servers and BeyondMay 06, 2025 am 12:05 AM

NGINX initially solved the C10K problem and has now developed into an all-rounder who handles load balancing, reverse proxying and API gateways. 1) It is well-known for event-driven and non-blocking architectures and is suitable for high concurrency. 2) NGINX can be used as an HTTP and reverse proxy server, supporting IMAP/POP3. 3) Its working principle is based on event-driven and asynchronous I/O models, improving performance. 4) Basic usage includes configuring virtual hosts and load balancing, and advanced usage involves complex load balancing and caching strategies. 5) Common errors include configuration syntax errors and permission issues, and debugging skills include using nginx-t command and stub_status module. 6) Performance optimization suggestions include adjusting worker parameters, using gzip compression and

Nginx Troubleshooting: Diagnosing and Resolving Common ErrorsMay 05, 2025 am 12:09 AM

Diagnosis and solutions for common errors of Nginx include: 1. View log files, 2. Adjust configuration files, 3. Optimize performance. By analyzing logs, adjusting timeout settings and optimizing cache and load balancing, errors such as 404, 502, 504 can be effectively resolved to improve website stability and performance.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.