倘若有几个ip地址在进行服务器的攻击、就来看看nginx是如何禁止IP访问的。
deny 192.168.1.4; //禁止192.168.1.4禁止访问
allow 允许
问:deny 和 allow 写的位置有要求吗?
放在http 或 sever 标签中。
实例1
http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; include /usr/local/nginx/conf/vhosts/*; #禁止ip访问 deny 58.251.80.45; deny 58.251.80.62; deny 157.255.192.118; }
封锁范围从大到小:
在server"{}",在这个大括号内加入deny IP地址是限制某IP地址访问;allow IP地址是只允许某IP地址访问;
#封整个段即从123.0.0.1到123.255.255.254的命令
deny 123.0.0.0/8
#封IP段即从123.45.0.1到123.45.255.254的命令
deny 124.45.0.0/16
封IP段即从123.45.6.1到123.45.6.254的命令是
deny 123.45.6.0/24