Nginx access restrictions and security settings
Nginx is a high-performance web server and reverse proxy with the characteristics of lightweight, high concurrency, flexible configuration, etc., and is widely used in production environments. However, because its construction process is relatively simple, it still faces some security issues, so access restrictions and security settings need to be set for Nginx.
1. Access restrictions
- IP restrictions
Nginx can restrict IP address access by configuring the allow and deny directives. For example, to only allow specific IP addresses to access Nginx, you can add the following code to the nginx.conf file:
location / { deny all; allow 192.168.1.100; allow 10.0.0.0/8; allow 172.16.0.0/12; allow 192.168.0.0/16; }
The above code snippet means to deny all requests, and then allow the IP addresses 192.168.1.100 and 10.0 in sequence .0.0/8, 172.16.0.0/12, 192.168.0.0/16 requests. You can also set global allow and deny rules through the http directive in the configuration file.
- User-Agent restrictions
User-Agent is an identification string sent by an HTTP client such as a browser, which can be used to determine whether it is the visitor himself. Or an automated program. Nginx can restrict User-Agent by configuring the if directive and the $http_user_agent variable, for example:
if ($http_user_agent ~* (wget|curl)) { return 403; }
This code means that if the User-Agent contains a wget or curl string, a 403 error code will be returned.
- Referer restrictions
Referer is a field in the HTTP request header, indicating the source address of the current request. Nginx can limit the Referer by configuring the if directive and the $http_referer variable, for example:
if ($http_referer ~* (baidu.com|google.com)) { return 403; }
The meaning of this code is that if the Referer contains the baidu.com or google.com string, a 403 error code will be returned.
2. Security Settings
- HTTPS Protection
HTTPS can better protect the security of web applications compared to the HTTP protocol, because the data is The SSL/TLS encryption algorithm is used during the transmission process. HTTPS can be enabled by adding the following code to the Nginx configuration file:
server { listen 443 ssl; ssl_certificate /path/to/cert.crt; ssl_certificate_key /path/to/cert.key; ... }
where ssl_certificate
and ssl_certificate_key
will use the SSL certificate and private key to implement the encryption of the HTTPS protocol Function.
- Restrict access to file directories
Nginx will expose all files and subdirectories under /etc/nginx/html
by default to the website root directory, so access to the file directory needs to be restricted. You can add the following code to the nginx.conf configuration file to restrict directory access:
location / { root /path/to/root; index index.html; autoindex off; location ~* .(jpg|jpeg|png|gif|ico|css|js)$ { expires 1d; add_header Cache-Control "public"; } }
The above code means pointing the root directory of the website to /path/to/root, turning off the autoindex function, and restricting allowed access. file type and set the cache policy.
- Security Log
In order to detect attacks in time, it is recommended to enable the logging function of Nginx. You can add the following code to the nginx.conf configuration file to record access logs:
http { access_log /var/log/nginx/access.log; ... }
where access_log
is the storage path of Nginx access logs. Logs can be stored in local files or analyzed using log analysis tools such as ELK.
Summary
Nginx access restrictions and security settings are crucial to the security of web applications. Access can be restricted through IP restrictions, User-Agent restrictions, Referer restrictions and other measures. At the same time, The security of web applications can be improved by enabling HTTPS, restricting access to file directories, and security logs. However, it should be noted that these measures can only improve the security of Web applications but cannot completely guarantee their security. Therefore, regular updates of software versions and timely patching of vulnerabilities and other measures are needed to ensure the security of Web applications.
The above is the detailed content of Nginx access restrictions and security settings. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

How to configure Nginx in Windows? Install Nginx and create a virtual host configuration. Modify the main configuration file and include the virtual host configuration. Start or reload Nginx. Test the configuration and view the website. Selectively enable SSL and configure SSL certificates. Selectively set the firewall to allow port 80 and 443 traffic.

You can query the Docker container name by following the steps: List all containers (docker ps). Filter the container list (using the grep command). Gets the container name (located in the "NAMES" column).

Docker container startup steps: Pull the container image: Run "docker pull [mirror name]". Create a container: Use "docker create [options] [mirror name] [commands and parameters]". Start the container: Execute "docker start [Container name or ID]". Check container status: Verify that the container is running with "docker ps".

How to confirm whether Nginx is started: 1. Use the command line: systemctl status nginx (Linux/Unix), netstat -ano | findstr 80 (Windows); 2. Check whether port 80 is open; 3. Check the Nginx startup message in the system log; 4. Use third-party tools, such as Nagios, Zabbix, and Icinga.

Create a container in Docker: 1. Pull the image: docker pull [mirror name] 2. Create a container: docker run [Options] [mirror name] [Command] 3. Start the container: docker start [Container name]

The methods that can query the Nginx version are: use the nginx -v command; view the version directive in the nginx.conf file; open the Nginx error page and view the page title.

How to configure an Nginx domain name on a cloud server: Create an A record pointing to the public IP address of the cloud server. Add virtual host blocks in the Nginx configuration file, specifying the listening port, domain name, and website root directory. Restart Nginx to apply the changes. Access the domain name test configuration. Other notes: Install the SSL certificate to enable HTTPS, ensure that the firewall allows port 80 traffic, and wait for DNS resolution to take effect.

Starting an Nginx server requires different steps according to different operating systems: Linux/Unix system: Install the Nginx package (for example, using apt-get or yum). Use systemctl to start an Nginx service (for example, sudo systemctl start nginx). Windows system: Download and install Windows binary files. Start Nginx using the nginx.exe executable (for example, nginx.exe -c conf\nginx.conf). No matter which operating system you use, you can access the server IP
