nginx prohibit access to the site of IP setting method
http://www.512873.com/archives/471.html http://www.512873.com/archives/312.html
conf directory, create blocksip.conf
Write deny 1.1.1.1 in blocksip.conf inside; the phrase is meant to disable this IP (entire segment is: deny 1.1.1.0/24;)
Inside nginx.conf added: include blocksip.conf;
Nginx to restart it.
Nginx server rejects the request post
Publish: May 27, 2015 Category: 文档 No Comments
upstream tomcat {
ip_hash;
server 192.168.2.187:8080;
}
location ~*
/html
{
if
($request_method = PUT ) {
return
403;
}
if
($request_method = DELETE ) {
return
403;
}
if
($request_method = POST ) {
return
403;
}
proxy_method GET;
proxy_pass http:
//tomcat
;
}
|
When the path contains / html, the proxy server to backend data request. Here shielding PUT, DELETE, POST, but using the GET, the main purpose of security, since DELETE, POST, PUT data can be modified.
or:
limit_except GET {
allow 192.168.1.1;
deny all;
if
($request_filename ~
/test/index
.html) {
# return 404;
rewrite ^/(.*)
/index
.html;
}
};
|
Forbidden nginx txt | doc file
Method a: global settings to disable access to any suffix txt | doc file
LOCATION * ~ \ (txt | doc) {$.
the deny All;
}
Method two: prohibited access only at certain txt directory | DOC
LOCATION ~ * \ (txt | DOC) $ {.
IF (-f $ request_filename) {
root html/job;
break;
}
}
nginx is prohibited in a browser to access: # type of browser can be learned from the log.
Server
{
the listen 80;
server_name test.domain.com;
index the index.php index.html;
the root / opt / Nginx / HTML /;
IF (* ~ $ HTTP_USER_AGENT "MSIE 6.0") {
return 403;
}
Set execute permissions
in windows + iis, you can set upload directory, similar to: upload, uploadfile, attachments, no such directory script execute permissions to prevent unauthorized users upload script to get webshell
the nginx is also very simple, we use the location as follows:
location ~ ^ / Upload /.* \ (PHP | PHP5) $.
{
the deny All;
}
Which replaced upload directory name you want to set
this rule is the meaning of matching requests at the beginning of the connection is / upload /, the middle match any character, the end of the match or .php5 .php pages. Finally, deny all access is prohibited, so prevents script execution permissions to upload directory