Introduction to Windows Server prohibit IP access method

Below is the method

Control Panel-Administrative Tools-Local Security policy or command gpedit.msc

Select Create IP security Policy

Click Next

We're just going to forbid him, not talk to him, then, cancel the tick.

Press finish directly. That tick is the default.

Note the "Add Wizard" at the bottom right, if checked, cancel him, and then click "Add"

Select the banned IP point edits just established (@ Add IP)

Cancel the "Add Wizard" Check, and then click Add

Address and Target don't write it back.

Then switch to the Protocols panel

I'm here to select TCP to port 80, just click OK, go back to the upper layer, continue to confirm, go back to the new Rule Properties panel

Select the filter Actions panel

The block here was added by me earlier, the procedure is: Cancel the Add Wizard Check Point to add

It's OK to rename it in the routine to stop it.

All the way OK, back to

Notice that you want to disable the check in front of IP

OK, complete this policy

Finally, you need to assign a policy

By this, the user of the IP 116.164.68.6 address just shown cannot access the server

Add multiple IP start from (@ Add IP)

You can also disable the Web through IP access via Nginx

Nginx's default virtual host takes effect when a user accesses via IP or through an unnamed domain name (such as when someone points his own domain name to your IP)

The key point is to add this line to the server's settings:
Listen default;
The following default parameter indicates that this is the default virtual host.

This setting is very useful.
For example, when someone accesses your website via IP or unknown domain name, you want to suppress any valid content and return 500 to him.
At present, a lot of domestic computer rooms are required to shut down the main web site, to prevent the record of the domain name to cause trouble. You can set it this way:

The code is as follows	Copy Code
server { Listen default; return 500; }

You can also collect these traffic, import to their own website, as long as the following jump settings can be:

The code is as follows	Copy Code
server { Listen default; Rewrite ^ (. *) http://www.mydomain.com permanent; }

==============================

After setting up, it is true that you cannot access the server through IP, but when server_name is followed by multiple domain names, one of the domain names cannot be accessed:

The settings are as follows:

The code is as follows	Copy Code
Server { Listen 80; server_name www.abc.com abc.com

Before the change, the server can be accessed through the www.abc.com abc.com in server_name, and the server cannot be accessed through abc.com after adding the settings that prohibit IP access, www.abc.com can access

Detecting profiles with nginx-t prompts warning:

[Warn]: Conflicting server name "ABC.com" on 0.0.0.0:80, ignored
The configuration file/usr/local/webserver/nginx/conf/nginx.conf syntax is OK
Configuration file/usr/local/webserver/nginx/conf/nginx.conf test is successful

Finally passed in listen default; then add server_name _; Resolve, form as follows:

The code is as follows	Copy Code
#禁止IP访问 Server { Listen default; server_name _; return 500; }

In this way, the server can be accessed through abc.com, and the problem is solved.