我的 NginX 配置中有一个位置块,如下所示:
location /s/login {
allow 192.168.5.0/24;
deny all;
}
但这仅部分有效。使用外部 IP,他们会收到 403 错误,这是正确的,但在像 192.168.5.41 这样的内部 IP 上,我会收到 404 错误。但我想看看这个网站。整个配置文件如下所示:
8 server {
9 listen *:443 ssl;
10 server_name news.example.com;
11
12 root /var/www/test;
13
14 index index.php index.html index.htm index.nginx-debian.html;
15
16 location / {
17 # try to serve file directly, fallback to app.php
18 try_files $uri /index.php$is_args$args;
19 }
20
21 location ~ \.php$ {
22 include snippets/fastcgi-php.conf;
23 fastcgi_pass unix:/run/php/php7.0-fpm.sock;
24 }
25
26 location ~* ^/index.php {
27 # try_files $uri =404;
28 fastcgi_split_path_info ^(.+\.php)(/.+)$;
29 # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
30
31 fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
32 fastcgi_index index.php;
33 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
34
35 include fastcgi_params;
36
37 fastcgi_buffer_size 128k;
38 fastcgi_buffers 256 16k;
39 fastcgi_busy_buffers_size 256k;
40 fastcgi_temp_file_write_size 256k;
41 }
42
43 location /s/login {
44 allow 192.168.5.0/24;
45 deny all;
46 }
47
48 # Remove 'index.php' from the URL
编辑:内部 IP 的 access.log 条目如下所示:
192.168.5.41 - - [21/Jun/2018:08:13:59 +0200] "GET /s/login HTTP/1.1" 404 152 "https://news.example.com/s/contacts" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
对于这样的外部 IP:
178.197.230.117 - - [21/Jun/2018:08:21:59 +0200] "GET /s/login HTTP/1.1" 403 152 "-" "Mozilla/5.0 (Android 7.1.1; Mobile; rv:60.0) Gecko/60.0 Firefox/60.0"
在 error.log 中有很多这样的条目:
2018/06/21 08:35:12 [error] 52154#52154: *1 open() "/var/www/mautic/s/login" failed (2: No such file or directory), client: 192.168.5.41, server: news.example.com, request: "GET /s/login HTTP/1.1", host: "news.example.com"
如您所见,我没有查看日志文件。由于 error.log 中的条目,很清楚我做错了什么以及为什么会出现 404 错误。