How to set directory whitelist and IP whitelist in nginx

1. Set a directory whitelist: Do not set restrictions on the specified request path. For example, if you do not restrict requests under the api directory, you can write

server{
    location /app {
      proxy_pass http://192.168.1.111:8095/app;

      limit_conn conn 20;

      limit_rate 500k;

      limit_req zone=foo burst=5 nodelay; 
    }
    location /app/api {
      proxy_pass http://192.168.1.111:8095/app/api
    }
}
# Because nginx will give priority to accurate matching, the above writing method will limit the paths under the api directory.

2. To set up an IP whitelist, you need to use nginx geo and nginx map

In the absence of manual deletion (--without-http_geo_module or --without-http_map_module), nginx loads the ngx-http-geo-module and ngx-http-map-module related content by default;

ngx-http-geo-module can be used to create variables whose values depend on the client IP address;

ngx-http-map-module can create variables based on other variables and their values. It allows classification, or mapping multiple variables to different values and storing them in one variable.

Nginx geo format Syntax (syntax format): geo [$address] $variable { ... }
Default: -
Content (configuration section): http
Nginx map format Syntax (Syntax format): map String $variable { ... }
Default:-
Content (configuration section): http
 
Whitelist configuration example http{
   # ... Other configuration content #Define the whitelist IP list variable geo $whiteiplist {
     default 1 ;
     127.0.0.1/32 0;
     64.223.160.0/19 0;
   }
   #Use the map command to map the client request IP in the whitelist to an empty string map $whiteiplist $limit{
     1 $binary_remote_addr ;
     0 "";
   }
   #Configure request limit content limit_conn_zone $limit zone=conn:10m;
   limit_req_zone $limit zone=allips:10m rate=20r/s;
   server{
     location /yourApplicationName {
       proxy_pass http://192.168.1.111:8095/app;
       limit_conn conn 50;
       limit_rate 500k;
       limit_req zone=allips burst=5 nodelay;
     }
   }
}
Whitelist configuration can be used to filter and restrict requests from cooperative customers, search engines, etc. (special case handling)
 
#If you want to limit only specified requests, such as limiting only Post requests, then:
http{
   # Other requests..
   # Request address map map $request_method $limit {
     default "";
     POST $binary_remote_addr;
   }
   #Limit definition limit_req_zone $limit zone=reqlimit:20m rate=10r/s;
   server{
     ... #same as normal restrictions}
}
#On this basis, if you want to perform whitelist restriction processing on the specified method, then:
http{
   #...
   #Define the whitelist map $whiteiplist $limitips{
     1 $binary_remote_addr;
     0 "";
   }
 
   #Based on the whitelist, define the specified method request limit map $request_method $limit {
     default "";
     # POST $binary_remote_addr;
     POST $limitips;
   }
 
   #Reference limit_req_zone for the request $limit zone=reqlimit:20m rate=10r/s;
 
   #Reference server in server{
     #...same as normal limits}
}

The above method of setting up directory whitelist and IP whitelist in nginx is all the content that the editor shares with you. I hope it can give you a reference. I also hope that you will support 123WORDPRESS.COM.

You may also be interested in:

Implementation of multi-port mapping of nginx reverse proxy
Nginx port mapping configuration method
Solve the problem of "Welcome to nginx on Fedora!" after installing nginx on Centos7, and there is no default.conf file in the conf.d directory
Find the running nginx directory in Linux system
Example of how to install nginx to a specified directory
How to redirect nginx directory path
Detailed explanation of Vue deployment in subdirectories or secondary directories through NGINX
Nginx local directory mapping implementation code example

<<: js implements the classic minesweeper game

>>: Build a stable and highly available cluster based on mysql+mycat, load balancing, master-slave replication, read-write separation operation