The implementation of the IP that restricts the management directory under the PHP framework of the Nginx reverse proxy, CI (CodeIgniter)

Source: Internet
Author: User
Tags php framework codeigniter nginx reverse proxy

It was a long time, but it was a perfect solution.

The main front-end Nginx, the back end is Nginx.

The front-end Nginx does not make the relevant URL permission restrictions, because all the URLs in the CI have to go through index.php redirection.

And, in the back-end nginx limit, more than the front-end security.

I am about to follow the following several routines, are back-end nginx operation, is not a strict step, to further investigation.

1,real_ip_header x-forwarded-for; store real IP variables. (This step was not verified again)

2, add the following in the configuration. (For example, limit the URL with the admin keyword)



Location ~. *admin.*{Allow 192.168.1.0/28; #内网要开相关前端IP, this verified allow 1.2.3.4; #我们正正允许的IP deny all; #禁掉所有 rewrite^/(. *) $/index.php/$1Last, #这个好关键, CI is the way to play, no way. Location~ \.php (. *) $ {fastcgi_pass127.0.0.1:9000; Fastcgi_index Index.PHP; Fastcgi_split_path_info^((? U). +\.php) (/?. +)$; Fastcgi_param Script_filename/wdzj/data$fastcgi _script_name; Fastcgi_param Path_info$fastcgi _path_info; Fastcgi_param path_translated$document _root$fastcgi_path_info; includeFastcgi_params; } #再解析PHP, there will be a parsing error like 500}

By the way, another CI under the nginx jump rule (because Nginx does not support multi-conditional judgment, the variable is judged):

Set$ci0;if(!-f$request _filename) {Set$ci"${ci}a";}if(!-d$request _filename) {Set$ci"${ci}b";}if($uri!~ "^ (index.php|images|robots.txt)") {Set$ci"${ci}c";}if($ci= "0ABC") {rewrite^/(. *) $/index.php/$1Last ;}

There is a picture of the truth:

The implementation of the IP that restricts the management directory under the PHP framework of the Nginx reverse proxy, CI (CodeIgniter)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.