
Nginx
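1 Preface
In production we sometimes need to use Nginx to restrict access by file type. This chapter collects the configurations for that requirement.
2 Best practice
2.1 Server environment
If you have not yet set up an Nginx server environment, prepare one as described here: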
https://www.cmdschool.org/archives/7415
2.2 Allow access only to certain file types
2.2.1 Edit the configuration file
vim /etc/nginx/conf.d/www.cmdschool.org_80.conf
Change the configuration as follows:
server {
    listen 80;
    server_name www.cmdschool.org;
    location ~* \.(html|htm|php|gif|jpg|jpeg|bmp|png|ico|js|css)$ {
        root /var/www/www.cmdschool.org;
        index index.html index.htm index.php;
        expires 3d;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
2.2.2 Restart the service to apply the configuration
systemctl restart nginx.service
2.2.3 Create test pages
echo www.cmdschool.org > /var/www/www.cmdschool.org/index.html
echo www.cmdschool.org > /var/www/www.cmdschool.org/index.bat
2.2.4 Test access to an html file
curl http://www.cmdschool.org/index.html
The command prints:
www.cmdschool.org
2.2.5 Test access to a bat file
curl http://www.cmdschool.org/index.bat
The command prints:
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
2.3 Deny access only to certain file types
2.3.1 Edit the configuration file
vim /etc/nginx/conf.d/www.cmdschool.org_80.conf
Change the configuration as follows:
server {
    listen 80;
    server_name www.cmdschool.org;
    location / {
        root /var/www/www.cmdschool.org;
        index index.html index.htm index.php;
    }
    location ~ \.(exe|bat)$ {
        root /var/www/www.cmdschool.org;
        return 410;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
2.3.2 Restart the service to apply the configuration
systemctl restart nginx.service
2.3.3 Create test pages
echo www.cmdschool.org > /var/www/www.cmdschool.org/index.html
echo www.cmdschool.org > /var/www/www.cmdschool.org/index.bat
2.3.4 Test access to an html file
curl http://www.cmdschool.org/index.html
The command prints:
www.cmdschool.org
2.3.5 Test access to a bat file
curl http://www.cmdschool.org/index.bat
The command prints:
<html>
<head><title>410 Gone</title></head>
<body>
<center><h1>410 Gone</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
2.4 Grant exceptions to a denied file type
2.4.1 Edit the configuration file
vim /etc/nginx/conf.d/www.cmdschool.org_80.conf
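Change the configuration as follows:
server {
    listen 80;
    server_name www.cmdschool.org;
    location / {
        root /var/www/www.cmdschool.org;
        index index.html index.htm index.php;
    }
    # Exception: these two files are still served (dots escaped so they match literally)
    location ~ /exception/(example\.exe|example\.bat)$ {
        root /var/www/www.cmdschool.org;
    }
    # Every other .exe/.bat request is rejected
    location ~* \.(exe|bat)$ {
        root /var/www/www.cmdschool.org;
        return 410;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}
This relies on the priority of the location matching modes, listed from highest to lowest:
"=" exact match
"^~" prefix match that skips regular-expression matching
"~" regular-expression match (case-sensitive)
"~*" regular-expression match (case-insensitive)
"" match with no modifier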
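The Python sketch below is an added example, not part of the original article. It models nginx's documented location-selection order (exact match, longest prefix, "^~" cut-off, then "~" and "~*" regex locations in file order with the first match winning) for the section 2.4 server block, and shows that swapping the two regex blocks makes the deny rule shadow the exception. The tuple layout, function names and the SWAPPED variant are assumptions made for the illustration.

```python
import re

# Constructed model of the section 2.4 server block: (modifier, pattern, action).
# List order mirrors the order of the location blocks in the config file.
CONFIG_2_4 = [
    ("", "/", "serve"),
    ("~", r"/exception/(example\.exe|example\.bat)$", "serve"),
    ("~*", r"\.(exe|bat)$", "410"),
    ("=", "/50x.html", "serve"),
]

def select_location(config, uri):
    """Return the (modifier, pattern, action) tuple nginx would pick for uri."""
    # 1. An exact "=" match ends the search immediately.
    for loc in config:
        if loc[0] == "=" and loc[1] == uri:
            return loc
    # 2. Remember the longest matching prefix location ("" or "^~").
    prefixes = [l for l in config if l[0] in ("", "^~") and uri.startswith(l[1])]
    best = max(prefixes, key=lambda l: len(l[1]), default=None)
    # 3. If that longest prefix carries "^~", regex locations are not consulted.
    if best and best[0] == "^~":
        return best
    # 4. Regex locations are tried in file order; the first match wins.
    for loc in config:
        if loc[0] in ("~", "~*"):
            flags = re.IGNORECASE if loc[0] == "~*" else 0
            if re.search(loc[1], uri, flags):
                return loc
    # 5. No regex matched: fall back to the remembered prefix location.
    return best

def action(config, uri):
    """Return the action of the selected location, or a marker if none matched."""
    loc = select_location(config, uri)
    return loc[2] if loc else "no location"

# Same blocks with the two regex locations swapped: deny now comes first.
SWAPPED = [CONFIG_2_4[0], CONFIG_2_4[2], CONFIG_2_4[1], CONFIG_2_4[3]]

if __name__ == "__main__":
    for uri in ["/index.html", "/index.bat", "/exception/example.bat",
                "/exception/EXAMPLE.BAT", "/exception/other.exe"]:
        print(f"{uri:26} as written: {action(CONFIG_2_4, uri):6} "
              f"swapped: {action(SWAPPED, uri)}")
```

The exception location uses the case-sensitive "~" modifier, so an upper-case request path falls through to the case-insensitive deny rule and is rejected.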
2.4.2 Restart the service to apply the configuration
systemctl restart nginx.service
2.4.3 Create test pages
mkdir -p /var/www/www.cmdschool.org/exception
echo www.cmdschool.org > /var/www/www.cmdschool.org/index.html
echo www.cmdschool.org > /var/www/www.cmdschool.org/index.bat
echo www.cmdschool.org > /var/www/www.cmdschool.org/exception/example.bat
echo www.cmdschool.org > /var/www/www.cmdschool.org/exception/example.exe
2.4.4 Test access to an html file
curl http://www.cmdschool.org/index.html
The command prints:
www.cmdschool.org
2.4.5 Test access to a bat file
curl http://www.cmdschool.org/index.bat
The command prints:
<html>
<head><title>410 Gone</title></head>
<body>
<center><h1>410 Gone</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
2.4.6 Test access to the exempted bat file
curl http://www.cmdschool.org/exception/example.bat
curl http://www.cmdschool.org/exception/example.exe
The command prints:
www.cmdschool.org