Tutorial on setting ip address restriction for nginx

I. All Limited IP addresses of servers
# Vi nginx. conf
Allow 10.57.22.172; # Allowed IP addresses
Deny all;

II. Site IP limit
# Vi vhosts. conf
Website IP address restrictions:
Location /{
Index index.html index.htm index. php;
Allow 10.57.22.172;
Deny all;

Location ~ \. Php $ {
If ($ fastcgi_script_name ~ \ .. * \/. * Php) {return 403 ;}
Fastcgi_pass 127.0.0.1: 9000;
Fastcgi_index index. php;
Fastcgi_param SCRIPT_FILENAME/var/www/htdocs $ fastcgi_script_name;
Include fastcgi_params;
}
}

Site IP address limit Directory:
Location /{
Index index.html index.htm index. php;
}

Location ^ ~ /Test /{
Allow 10.57.22.172;
Deny all;

If ($ fastcgi_script_name ~ \ .. * \/. * Php) {return 403 ;}
Fastcgi_pass 127.0.0.1: 9000;
Fastcgi_index index. php;
Fastcgi_param SCRIPT_FILENAME/var/www/htdocs $ fastcgi_script_name;
Include fastcgi_params;
}

Location ~ \. Php $ {
If ($ fastcgi_script_name ~ \ .. * \/. * Php) {return 403 ;}
Fastcgi_pass 127.0.0.1: 9000;
Fastcgi_index index. php;
Fastcgi_param SCRIPT_FILENAME/var/www/htdocs $ fastcgi_script_name;
Include fastcgi_params;
}

Note:
1. You must add an ip address to the deny. Otherwise, the ip address will jump directly to "403" and the ip address will not be executed. If the "403 million" page is under the same domain name, an endless access will occur;
2. ip address segment of allow
The segments allowed for access are arranged in ascending order. For example, 10.10.0.0/16 can be placed under 127.0.0.0/24.
24 indicates the subnet mask: 255.255.255.0
16 indicates the subnet mask: 255.255.0.0
8 indicates the subnet mask: 255.0.0.0
3. deny all; the end indicates that none of the above allow items are allowed.
For example:
Deny 192.168.1.1;
Allow 127.0.0.0/24;
Allo w 192.168.0.0/16;
Allow 10.10.0.0/16;
Deny all;