淘宝开放平台

登录
文档中心 > 云服务器 ECS

云服务器 ECS

Nginx 屏蔽 IP 方法概述

更新时间: 访问次数:3136

本文概述通过 nginx 屏蔽 IP 访问的方法:

方法一

1. 建立下面的配置文件放在 nginx 的安装配置的 conf 目录下面,命名为 blocksip.conf: 
比如假设需要屏蔽的是 192.168.1.1,则编辑 blocksip.conf 文件,添加如下内容

1
2
3
4
5
<ol class="linenums">
  
 <li class="L0"><span class="pln">deny </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.1</span><span class="pun">,;</span><span class="pln"> </span></li>
 
</ol>


2.在 nginx 的配置文件 nginx.conf 中加入:

1
2
3
4
5
<ol class="linenums">
  
 <li class="L0"><span class="pln">include blocksip</span><span class="pun">.</span><span class="pln">conf</span><span class="pun">;</span><span class="pln"> </span></li>
 
</ol>

3. 重启nginx服务:

1
2
3
4
5
<ol class="linenums">
  
 <li class="L0"><span class="str">/usr/</span><span class="kwd">local</span><span class="pun">/</span><span class="pln">nginx</span><span class="pun">/</span><span class="pln">sbin</span><span class="pun">/</span><span class="pln">nginx </span><span class="pun">-</span><span class="pln">s reload </span></li>
 
</ol>

另外,blocksip.conf 文件的格式还有许多种,可以配置只允许的 IP 访问或者 IP 段访问: 

  • deny IP; 拒绝 IP
  • allow IP; 允许 IP
  • block all ips (拒绝所有 IP)使用 deny all; 
  • allow all ips (允许所有 IP 访问)allow all; 

在文件中,也可以使用网段的形式配置,比如 192.168.1.0/24  24 表示 C 类网络,相应配置为:

1
2
3
4
5
<ol class="linenums">
  
 <li class="L0"><span class="pln">deny </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.0</span><span class="pun">/</span><span class="lit">24</span><span class="pun">;</span></li>
 
</ol>

如果想实现除了指定的几个 IP 外,其他全部拒绝,则可以使在 ip.balcklist 中进行如下配置:

1
2
3
4
5
6
7
8
9
<ol class="linenums">
  
 <li class="L0"><span class="pln">allow ip </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.1</span></li>
  
 <li class="L1"><span class="pln">allow ip </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.2</span></li>
  
 <li class="L2"><span class="pln">deny all</span><span class="pun">;</span><span class="pln">  </span><span class="pun">(表示除了</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.1</span><span class="pun">,</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.2</span><span class="pun">外其他的都拒绝)</span></li>
 
</ol>

 

方法二

单独网站屏闭 IP 的方法:

在 server"{}",在这个大括号内加入 deny IP 地址是限制某 IP 地址访问;allow IP地址是只允许某IP地址访问;

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<ol class="linenums">
  
 <li class="L0"><span class="com">#屏蔽单个IP的命令是</span></li>
  
 <li class="L1"><span class="pln">deny </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.1</span></li>
  
 <li class="L2"></li>
  
 <li class="L3"><span class="com"># 封整个段即从10.0.0.010.255.255.255的命令</span></li>
  
 <li class="L4"><span class="pln">deny </span><span class="lit">10.0</span><span class="pun">.</span><span class="lit">0.0</span><span class="pun">/</span><span class="lit">8</span></li>
  
 <li class="L5"></li>
  
 <li class="L6"><span class="com"># 封IP段即从127.16.0.0172.16.0.0的命令</span></li>
  
 <li class="L7"><span class="pln">deny </span><span class="lit">172.16</span><span class="pun">.</span><span class="lit">0.0</span><span class="pun">/</span><span class="lit">16</span></li>
  
 <li class="L8"></li>
  
 <li class="L9"><span class="com"># 封IP段即从到192.168.1.254的命令是</span></li>
  
 <li class="L0"><span class="pln">deny </span><span class="lit">192.169</span><span class="pun">.</span><span class="lit">1.0</span><span class="pun">/</span><span class="lit">24</span></li>
 
</ol>

例如,下面的例子屏蔽 192.168.1.0/24 的网段 IP:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<ol class="linenums">
  
 <li class="L0"><span class="pln">   </span><span class="com">#server {</span></li>
  
 <li class="L1"><span class="pln">    </span><span class="com">#    listen       8000;</span></li>
  
 <li class="L2"><span class="pln">    </span><span class="com">#    listen       somename:8080;</span></li>
  
 <li class="L3"><span class="pln">    </span><span class="com">#    server_name  somename  alias  another.alias;</span></li>
  
 <li class="L4"><span class="pln">        deny </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">1.0</span><span class="pun">/</span><span class="lit">24</span></li>
  
 <li class="L5"><span class="pln">    </span><span class="com">#    location / {</span></li>
  
 <li class="L6"><span class="pln">    </span><span class="com">#        root   html;</span></li>
  
 <li class="L7"><span class="pln">    </span><span class="com">#        index  index.html index.htm;</span></li>
  
 <li class="L8"><span class="pln">    </span><span class="com">#    }</span></li>
  
 <li class="L9"><span class="pln">    </span><span class="com">#}</span></li>
 
</ol>

 

如果问题还未能解决,您可以到阿里云社区进行免费咨询或联系云市场商家寻求帮助。

 

FAQ

关于此文档暂时还没有FAQ
有用(0) 我要提问
文档标签:
Nginx 屏蔽 IP 方法概述
返回
顶部