倘若有几个ip地址在进行服务器的攻击、就来看看nginx是如何禁止IP访问的。
deny 192.168.1.4; //禁止192.168.1.4禁止访问
allow 允许
问:deny 和 allow 写的位置有要求吗?
放在http 或 sever 标签中。
实例1
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
include /usr/local/nginx/conf/vhosts/*;
#禁止ip访问
deny 58.251.80.45;
deny 58.251.80.62;
deny 157.255.192.118;
}封锁范围从大到小:
在server"{}",在这个大括号内加入deny IP地址是限制某IP地址访问;allow IP地址是只允许某IP地址访问;
#封整个段即从123.0.0.1到123.255.255.254的命令
deny 123.0.0.0/8
#封IP段即从123.45.0.1到123.45.255.254的命令
deny 124.45.0.0/16
封IP段即从123.45.6.1到123.45.6.254的命令是
deny 123.45.6.0/24