nginx - acl

最後更新: 2017-09-04

目錄

  • IP Level ACL (ngx_http_access_module)
  • ID Login ACL (HttpAuthBasicModule)

 


IP Level ACL (ngx_http_access_module)

 

Options

  • allow
  • deny

Syntax:

allow address | CIDR | all

e.g.

location / {
    # First Match Win
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    deny  all;
}

 


ID Login ACL (HttpAuthBasicModule)

 

Basic setting

server {
    ...
    # string / off

    auth_basic             "Restricted";
  
    # Path is relative to directory of nginx configuration file nginx.conf
    # Format: user2:pass2:comment    <--- htpasswd

    auth_basic_user_file    htpasswd;


    # 某 path 不用 login
    location /public/ {
        auth_basic off;
    }
}

其中一種 login 成功就成功 (satisfy any)

location / {

    # Default: all
    satisfy any;

    allow 192.168.1.0/24;
    deny  all;

    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}