使用 Azure Wordpress for Linux Web App,我正在尝试修改 nginx conf.d 文件以通过 IP 地址限制对 wp-login.php 和 wp-admin 目录的访问。我尝试使用的指令似乎完全允许访问或完全拒绝访问,它似乎不尊重允许 xxxx;一点也不。
这是我放在服务器块中的代码:
location ~ ^(wp-admin|wp-login.php) {
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
allow x.x.x.x;
deny all;
}
如果我只有否认一切;指令,一切都返回 403 禁止错误。如果我输入允许指令,我可以从任何 IP 地址访问它,而且它似乎永远不会抛出错误。
我在我的日志中注意到这正在显示:
278#278: *25 access forbidden by rule, client: 172.19.0.1, server: _, request: "GET /wp-admin HTTP/1.1", host: "myhostname.com"
并且这在 default.conf 文件中的我的服务器块之前:
upstream php {
#server unix:/tmp/php-cgi.socket;
server 127.0.0.1:9000;
}
这些事情是否正在发生,基本上使我所有的入站流量在 nginx 看来都来自同一个 IP 地址?有没有办法“传递下去”?
这是 default.conf 文件:
upstream php {
server unix:/var/run/php/php7.0-fpm.sock;
#server 127.0.0.1:9000;
}
server {
listen 80;
## Your website name goes here.
server_name _;
## Your only path reference.
root /home/site/wwwroot;
## This should be in your http block and if it is, it's not needed here.
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Add locations of phpmyadmin here.
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtual
sendfile off;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
# Don't cache WooCommerce URLs
# Cart widgets are still a problem: https://github.com/emcniece/docker-wordpress/issues/3
if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
set $skip_cache 1;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_read_timeout 300;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache WORDPRESS;
fastcgi_cache_valid 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
我今天开始注意到我可以在 $_SERVER['HTTP_X_CLIENT_IP'] 的 PHP 变量下看到我想要的 IP 地址 --- 有没有办法在允许/拒绝选项下测试它,或者覆盖允许的值/deny 考虑使用这个其他值吗?例如:
if ($http_x_client_ip != x.x.x.x) {
return 403;
}