How to set directory whitelist and IP whitelist in nginx

1. Set a directory whitelist: Do not set restrictions on the specified request path. For example, if you do not restrict requests under the api directory, you can write

server{
    location /app {
      proxy_pass http://192.168.1.111:8095/app;

      limit_conn conn 20;

      limit_rate 500k;

      limit_req zone=foo burst=5 nodelay; 
    }
    location /app/api {
      proxy_pass http://192.168.1.111:8095/app/api
    }
}
# Because nginx will give priority to accurate matching, the above writing method will limit the paths under the api directory.

2. To set up an IP whitelist, you need to use nginx geo and nginx map

In the absence of manual deletion (--without-http_geo_module or --without-http_map_module), nginx loads the ngx-http-geo-module and ngx-http-map-module related content by default;

ngx-http-geo-module can be used to create variables whose values depend on the client IP address;

ngx-http-map-module can create variables based on other variables and their values. It allows classification, or mapping multiple variables to different values and storing them in one variable.

Nginx geo format Syntax (syntax format): geo [$address] $variable { ... }
Default: -
Content (configuration section): http
Nginx map format Syntax (Syntax format): map String $variable { ... }
Default:-
Content (configuration section): http
 
Whitelist configuration example http{
   # ... Other configuration content #Define the whitelist IP list variable geo $whiteiplist {
     default 1 ;
     127.0.0.1/32 0;
     64.223.160.0/19 0;
   }
   #Use the map command to map the client request IP in the whitelist to an empty string map $whiteiplist $limit{
     1 $binary_remote_addr ;
     0 "";
   }
   #Configure request limit content limit_conn_zone $limit zone=conn:10m;
   limit_req_zone $limit zone=allips:10m rate=20r/s;
   server{
     location /yourApplicationName {
       proxy_pass http://192.168.1.111:8095/app;
       limit_conn conn 50;
       limit_rate 500k;
       limit_req zone=allips burst=5 nodelay;
     }
   }
}
Whitelist configuration can be used to filter and restrict requests from cooperative customers, search engines, etc. (special case handling)
 
#If you want to limit only specified requests, such as limiting only Post requests, then:
http{
   # Other requests..
   # Request address map map $request_method $limit {
     default "";
     POST $binary_remote_addr;
   }
   #Limit definition limit_req_zone $limit zone=reqlimit:20m rate=10r/s;
   server{
     ... #same as normal restrictions}
}
#On this basis, if you want to perform whitelist restriction processing on the specified method, then:
http{
   #...
   #Define the whitelist map $whiteiplist $limitips{
     1 $binary_remote_addr;
     0 "";
   }
 
   #Based on the whitelist, define the specified method request limit map $request_method $limit {
     default "";
     # POST $binary_remote_addr;
     POST $limitips;
   }
 
   #Reference limit_req_zone for the request $limit zone=reqlimit:20m rate=10r/s;
 
   #Reference server in server{
     #...same as normal limits}
}

The above method of setting up directory whitelist and IP whitelist in nginx is all the content that the editor shares with you. I hope it can give you a reference. I also hope that you will support 123WORDPRESS.COM.

You may also be interested in:

Implementation of multi-port mapping of nginx reverse proxy
Nginx port mapping configuration method
Solve the problem of "Welcome to nginx on Fedora!" after installing nginx on Centos7, and there is no default.conf file in the conf.d directory
Find the running nginx directory in Linux system
Example of how to install nginx to a specified directory
How to redirect nginx directory path
Detailed explanation of Vue deployment in subdirectories or secondary directories through NGINX
Nginx local directory mapping implementation code example

<<: js implements the classic minesweeper game

>>: Build a stable and highly available cluster based on mysql+mycat, load balancing, master-slave replication, read-write separation operation

IIS 7.5 uses URL Rewrite module to achieve web page redirection

How to set directory whitelist and IP whitelist in nginx

IIS 7.5 uses URL Rewrite module to achieve web page redirection

Why MySQL chooses Repeatable Read as the default isolation level

HTML Tutorial: Ordered Lists

Script example for starting and stopping spring boot projects in Linux

Various correct postures for using environment variables in Webpack

A simple example of using js to get the time of the last week, month and three months

A detailed analysis and processing of MySQL alarms

Nginx's practical method for solving cross-domain problems

Ubuntu 19.04 installation tutorial (picture and text steps)

A brief discussion on simulating multi-threaded and multi-process crashes in Linux

Recommend

Docker Basics

Detailed explanation of the implementation process and usage of the Linux Recycle Bin mechanism

Implementation of Docker deployment of Django+Mysql+Redis+Gunicorn+Nginx

How to set npm to load packages from multiple package sources at the same time

A brief introduction to VUE uni-app core knowledge

Tutorial on installing MySQL with Docker and implementing remote connection

CSS method of clearing float and BFC

Issues with Rancher deployment and importing K8S clusters

How to deploy HTTPS for free on Tencent Cloud

Detailed explanation of the use of MySQL Online DDL

Detailed explanation of Nginx Location configuration (Location matching order)

MySql batch insert optimization Sql execution efficiency example detailed explanation

Solution to the problem that a Linux modification of MySQL configuration does not take effect

Docker implements MariaDB sub-library and sub-table and read-write separation functions

Use native js to simulate the scrolling effect of live bullet screen