當需要禁止一些不太重要的通路,如爬蟲等,可以編輯虛拟主機配置檔案
[[email protected] vhosts]# vim test.conf
修改為如下樣式,~*表示不區分大小寫,|表示或者,将含有特定字元串的user_agent禁掉
server
{
listen 80;
server_name www.test.com www.aaa.com www.bbb.com;
if ($host != 'www.test.com')
{
rewrite ^/(.*)$ http://www.test.com/$1 permanent;
}
index index.html index.htm index.php;
root /data/www;
access_log /tmp/access.log combined_realip;
#deny 127.0.0.1;
#deny 192.168.147.0/24;
if ($http_user_agent ~* 'baidu|1111')
{
return 403;
}
location ~ .*admin\.php$ {
#auth_basic "aminglinux auth";
#auth_basic_user_file /usr/local/nginx/conf/.htpasswd;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_pass unix:/tmp/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /data/www$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|rar|zip|gz|bz2)$
……
檢查沒錯後重新加載配置
[[email protected] vhosts]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[[email protected] vhosts]# /usr/local/nginx/sbin/nginx -s reload
用curl測試
[[email protected] vhosts]# curl -x192.168.147.137:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:56:48 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
這裡我們還需要使用curl進行測試,是以去掉禁止curl通路:
使用-A選項指定http_user_agent
[[email protected] vhosts]# curl -x192.168.147.137:80 www.test.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:59:23 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.37
location: forum.php
含有baidu的http_user_agent通路被禁止:
[[email protected] vhosts]# curl -A "www.baidu.com" -x192.168.147.137:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 21:59:55 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
沒有禁止的http_user_agent可以通路:
[[email protected] vhosts]# curl -A "google" -x192.168.147.137:80 www.test.com -I
HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 22:00:48 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.4.37
location: forum.php
含有1111的http_user_agent也被禁止:
[[email protected] vhosts]# curl -A "google1111" -x192.168.147.137:80 www.test.com -I
HTTP/1.1 403 Forbidden
Server: nginx/1.6.2
Date: Fri, 24 Feb 2017 22:00:57 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
轉載于:https://blog.51cto.com/rachy/1901174