Nginx - ACL (IP, User/Pass)

最後更新: 2020-08-18

目錄

  • IP Level ACL (ngx_http_access_module)
  • ID Login ACL (HttpAuthBasicModule)
  • 混合 IP & User/Pass 方式(satisfy 的使用)

 


IP Level ACL (ngx_http_access_module)

 

Options

  • allow
  • deny

Syntax:

allow address | CIDR | all

e.g.

location / {
    # First Match Win
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    deny  all;
}

 


Login ACL (HttpAuthBasicModule)

 

Basic setting

server {
    ...
    # string / off
    auth_basic             "Restricted";

    # 某 path 不用 login
    location /public/ {
        auth_basic off;
    }

    # Path is relative to directory of nginx configuration file nginx.conf
    # Format: user2:pass2:comment    <-- 可以用 htpasswd 建立
    auth_basic_user_file    htpasswd;
}

 


混合 IP & User/Pass 方式 (satisfy 的使用)

 

IP & User/Pass 其中一種成功就成功 (satisfy any)

location / {

    # Default: all
    satisfy any;

    allow 192.168.1.0/24;
    deny  all;

    auth_basic           "closed site";
    auth_basic_user_file conf/htpasswd;
}

 


 

Creative Commons license icon Creative Commons license icon