Common Linux practices
iptables reference rules
The code is as follows:
    # MAC address-based
    iptables -I INPUT -p tcp --dport 80 -m mac --mac-source $MAC -j DROP
    # IP address-based
    iptables -I INPUT -p tcp --dport 80 -s $IP -j DROP
Method 1:
First, create the following configuration file, place it under the nginx conf directory, and name it blocksip.conf.
Add the following code:
    # Block soso spider IP addresses
    deny 113.108.12.154;   # This is the search spider IP address.
    deny 124.115.0.0/24;   # Blocks the search spider's entire network segment, 124.115.0.1 ~ 124.115.0.255
    deny 124.115.4.0/24;   # Blocks the search spider's entire network segment, 124.115.4.1 ~ 124.115.4.255
Blocking the IP addresses of an entire network segment may lead to false blocking, but the probability is very low.
Save it.
Add the following line to the nginx configuration file nginx.conf:
    include blocksip.conf;
Restart the nginx service:
    /usr/local/nginx/sbin/nginx -s reload
Method 2: Use nginx's ngx_http_access_module
The ngx_http_access_module can be used to set which IP addresses or IP segments are allowed or prohibited. You can create a file with the following content:
    deny IP;
    deny subnet;
    allow IP;
    allow subnet;
    # Block all IPs
    deny all;
    # Allow all IPs
    allow all;
The CIDR block format is as follows: 192.168.1.0/24.
Then edit nginx.conf and add a line:
    include blockips.conf;
With this configuration, every website on the server rejects or allows access according to these rules. To apply rules to one specific website only, add the following content to that website's configuration:
The code is as follows:
    location / {
        allow 192.168.0.0/24;
        deny all;
    }
In this way, only access from IP addresses in the 192.168.0.0 network segment is allowed, and a 403 error is returned for access from any other IP address.
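The following is an added example, not part of the original page: a small Python checker that reads rules in the allow/deny format shown above and reports the decision ngx_http_access_module would make for a client IP (rules are checked in file order and the first match wins), which helps catch false blocking before nginx is reloaded. The sample rule set is constructed from the addresses on this page, and the function names are assumptions of the example.

```python
import ipaddress

# Constructed sample: the deny rules from blocksip.conf plus the
# allow/deny pair from the location block, as one rule set in file order.
SAMPLE_CONF = """
# Block soso spider IP addresses
deny 113.108.12.154;
deny 124.115.0.0/24;   # 124.115.0.1 ~ 124.115.0.255
deny 124.115.4.0/24;
allow 192.168.0.0/24;
deny all;
"""

def parse_rules(text):
    """Return [(action, network), ...] in file order, ignoring # comments."""
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    rules = []
    for stmt in (s.strip() for s in body.split(";")):
        if not stmt:
            continue
        parts = stmt.split()
        # nginx directive names are case-sensitive: "Deny" is not "deny".
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"not an allow/deny rule: {stmt!r}")
        action, target = parts
        # "all" covers every IPv4 and IPv6 address.
        nets = ["0.0.0.0/0", "::/0"] if target == "all" else [target]
        for net in nets:
            rules.append((action, ipaddress.ip_network(net, strict=False)))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; an address matching no rule is allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if ip.version == net.version and ip in net:
            return action
    return "allow"

def audit(rules, client_ips):
    """Map each client IP to 'allow' or 'deny' (deny means a 403)."""
    return {ip: decide(rules, ip) for ip in client_ips}

if __name__ == "__main__":
    sample_ips = ["124.115.0.77", "124.115.5.1", "192.168.0.10"]
    for ip, verdict in audit(parse_rules(SAMPLE_CONF), sample_ips).items():
        print(f"{ip:16} {verdict}")
```

Because the first match wins, placing `deny all;` ahead of an `allow` line blocks the addresses that line was meant to admit.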
You can also customize the 403 error page. Create a new error403.html file under /usr/local/nginx/html and, in that file, write the page in HTML syntax with some explanatory text.
Then edit nginx.conf and add:
The code is as follows:
    error_page 403 /error403.html;
    location = /error403.html {
        root html;
    }