#Nginx防盗链###配置如下,可以和上面的配置结合起来location ~* ^.+/.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|x
#Nginx防盗链###配置如下,可以和上面的配置结合起来
location ~* ^.+/.(gif|jpg|png|swf|flv|rar|zip|doc|pdf|gz|bz2|jpeg|bmp|xls)${ expires 7d; valid_referers none blocked server_names *.test.com ; if ($invalid_referer) { return 403; } access_log off;}#Nginx访问控制需求:访问/admin/目录的请求,只允许某几个IP访问.###配置如下:
location /admin/{ allow 192.168.133.1; allow 127.0.0.1; deny all;}###创建测试
mkdir /data/wwwroot/test.com/admin/echo “test,test”>/data/wwwroot/test.com/admin/1.html###检测重启
/usr/local/nginx/bin/nginx -t && -s reload###测试
curl -x127.0.0.1:80 test.com/admin/1.html -I curl -x192.168.133.130:80 test.com/admin/1.html -I#Nginx访问控制###配置如下:
location ~ .*(abc|image)/.*/.php${ deny all;}###根据user_agent限制
if ($http_user_agent ~ 'Spider/3.0|YoudaoBot|Tomato'){ return 403;}- deny all和return 403效果一样
#Nginx解析php的配置###配置如下:
location ~ /.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/wwwroot/test.com$fastcgi_script_name; }- fastcgi_pass 用来指定php-fpm监听的地址或者socket
