Below is the method
Control Panel-Administrative Tools-Local Security policy or command gpedit.msc
Select Create IP security Policy
Click Next
We're just going to forbid him, not talk to him, then, cancel the tick.
Press finish directly. That tick is the default.
Note the "Add Wizard" at the bottom right, if checked, cancel him, and then click "Add"
Select the banned IP point edits just established (@ Add IP)
Cancel the "Add Wizard" Check, and then click Add
Address and Target don't write it back.
Then switch to the Protocols panel
I'm here to select TCP to port 80, just click OK, go back to the upper layer, continue to confirm, go back to the new Rule Properties panel
Select the filter Actions panel
The block here was added by me earlier, the procedure is: Cancel the Add Wizard Check Point to add
It's OK to rename it in the routine to stop it.
All the way OK, back to
Notice that you want to disable the check in front of IP
OK, complete this policy
Finally, you need to assign a policy
By this, the user of the IP 116.164.68.6 address just shown cannot access the server
Add multiple IP start from (@ Add IP)
You can also disable the Web through IP access via Nginx
Nginx's default virtual host takes effect when a user accesses via IP or through an unnamed domain name (such as when someone points his own domain name to your IP)
The key point is to add this line to the server's settings:
Listen default;
The following default parameter indicates that this is the default virtual host.
This setting is very useful.
For example, when someone accesses your website via IP or unknown domain name, you want to suppress any valid content and return 500 to him.
At present, a lot of domestic computer rooms are required to shut down the main web site, to prevent the record of the domain name to cause trouble. You can set it this way:
The code is as follows |
Copy Code |
server { Listen default; return 500; } |
You can also collect these traffic, import to their own website, as long as the following jump settings can be:
The code is as follows |
Copy Code |
server { Listen default; Rewrite ^ (. *) http://www.mydomain.com permanent; }
|
==============================
After setting up, it is true that you cannot access the server through IP, but when server_name is followed by multiple domain names, one of the domain names cannot be accessed:
The settings are as follows:
The code is as follows |
Copy Code |
Server { Listen 80; server_name www.abc.com abc.com
|
Before the change, the server can be accessed through the www.abc.com abc.com in server_name, and the server cannot be accessed through abc.com after adding the settings that prohibit IP access, www.abc.com can access
Detecting profiles with nginx-t prompts warning:
[Warn]: Conflicting server name "ABC.com" on 0.0.0.0:80, ignored
The configuration file/usr/local/webserver/nginx/conf/nginx.conf syntax is OK
Configuration file/usr/local/webserver/nginx/conf/nginx.conf test is successful
Finally passed in listen default; then add server_name _; Resolve, form as follows:
The code is as follows |
Copy Code |
#禁止IP访问 Server { Listen default; server_name _; return 500; } |
In this way, the server can be accessed through abc.com, and the problem is solved.