Home Operation and Maintenance Nginx Nginx access restrictions and security settings

Nginx access restrictions and security settings

Jun 10, 2023 pm 06:33 PM
nginx Security Settings restriction of visit

Nginx is a high-performance web server and reverse proxy with the characteristics of lightweight, high concurrency, flexible configuration, etc., and is widely used in production environments. However, because its construction process is relatively simple, it still faces some security issues, so access restrictions and security settings need to be set for Nginx.

1. Access restrictions

  1. IP restrictions

Nginx can restrict IP address access by configuring the allow and deny directives. For example, to only allow specific IP addresses to access Nginx, you can add the following code to the nginx.conf file:

location / {
    deny all;
    allow 192.168.1.100;
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
}
Copy after login

The above code snippet means to deny all requests, and then allow the IP addresses 192.168.1.100 and 10.0 in sequence .0.0/8, 172.16.0.0/12, 192.168.0.0/16 requests. You can also set global allow and deny rules through the http directive in the configuration file.

  1. User-Agent restrictions

User-Agent is an identification string sent by an HTTP client such as a browser, which can be used to determine whether it is the visitor himself. Or an automated program. Nginx can restrict User-Agent by configuring the if directive and the $http_user_agent variable, for example:

if ($http_user_agent ~* (wget|curl))
{
    return 403;
}
Copy after login

This code means that if the User-Agent contains a wget or curl string, a 403 error code will be returned.

  1. Referer restrictions

Referer is a field in the HTTP request header, indicating the source address of the current request. Nginx can limit the Referer by configuring the if directive and the $http_referer variable, for example:

if ($http_referer ~* (baidu.com|google.com))
{
    return 403;
}
Copy after login

The meaning of this code is that if the Referer contains the baidu.com or google.com string, a 403 error code will be returned.

2. Security Settings

  1. HTTPS Protection

HTTPS can better protect the security of web applications compared to the HTTP protocol, because the data is The SSL/TLS encryption algorithm is used during the transmission process. HTTPS can be enabled by adding the following code to the Nginx configuration file:

server {
    listen 443 ssl;
    ssl_certificate /path/to/cert.crt;
    ssl_certificate_key /path/to/cert.key;
    ...
}
Copy after login

where ssl_certificate and ssl_certificate_key will use the SSL certificate and private key to implement the encryption of the HTTPS protocol Function.

  1. Restrict access to file directories

Nginx will expose all files and subdirectories under /etc/nginx/html by default to the website root directory, so access to the file directory needs to be restricted. You can add the following code to the nginx.conf configuration file to restrict directory access:

location / {
    root /path/to/root;
    index index.html;
    autoindex off;
    location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1d;
        add_header Cache-Control "public";
    }
}
Copy after login

The above code means pointing the root directory of the website to /path/to/root, turning off the autoindex function, and restricting allowed access. file type and set the cache policy.

  1. Security Log

In order to detect attacks in time, it is recommended to enable the logging function of Nginx. You can add the following code to the nginx.conf configuration file to record access logs:

http {
    access_log /var/log/nginx/access.log;
    ...
}
Copy after login

where access_log is the storage path of Nginx access logs. Logs can be stored in local files or analyzed using log analysis tools such as ELK.

Summary

Nginx access restrictions and security settings are crucial to the security of web applications. Access can be restricted through IP restrictions, User-Agent restrictions, Referer restrictions and other measures. At the same time, The security of web applications can be improved by enabling HTTPS, restricting access to file directories, and security logs. However, it should be noted that these measures can only improve the security of Web applications but cannot completely guarantee their security. Therefore, regular updates of software versions and timely patching of vulnerabilities and other measures are needed to ensure the security of Web applications.

The above is the detailed content of Nginx access restrictions and security settings. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

How to configure nginx in Windows How to configure nginx in Windows Apr 14, 2025 pm 12:57 PM

How to configure Nginx in Windows? Install Nginx and create a virtual host configuration. Modify the main configuration file and include the virtual host configuration. Start or reload Nginx. Test the configuration and view the website. Selectively enable SSL and configure SSL certificates. Selectively set the firewall to allow port 80 and 443 traffic.

How to check the name of the docker container How to check the name of the docker container Apr 15, 2025 pm 12:21 PM

You can query the Docker container name by following the steps: List all containers (docker ps). Filter the container list (using the grep command). Gets the container name (located in the "NAMES" column).

How to start containers by docker How to start containers by docker Apr 15, 2025 pm 12:27 PM

Docker container startup steps: Pull the container image: Run "docker pull [mirror name]". Create a container: Use "docker create [options] [mirror name] [commands and parameters]". Start the container: Execute "docker start [Container name or ID]". Check container status: Verify that the container is running with "docker ps".

How to check whether nginx is started How to check whether nginx is started Apr 14, 2025 pm 01:03 PM

How to confirm whether Nginx is started: 1. Use the command line: systemctl status nginx (Linux/Unix), netstat -ano | findstr 80 (Windows); 2. Check whether port 80 is open; 3. Check the Nginx startup message in the system log; 4. Use third-party tools, such as Nagios, Zabbix, and Icinga.

How to create containers for docker How to create containers for docker Apr 15, 2025 pm 12:18 PM

Create a container in Docker: 1. Pull the image: docker pull [mirror name] 2. Create a container: docker run [Options] [mirror name] [Command] 3. Start the container: docker start [Container name]

How to check nginx version How to check nginx version Apr 14, 2025 am 11:57 AM

The methods that can query the Nginx version are: use the nginx -v command; view the version directive in the nginx.conf file; open the Nginx error page and view the page title.

How to configure cloud server domain name in nginx How to configure cloud server domain name in nginx Apr 14, 2025 pm 12:18 PM

How to configure an Nginx domain name on a cloud server: Create an A record pointing to the public IP address of the cloud server. Add virtual host blocks in the Nginx configuration file, specifying the listening port, domain name, and website root directory. Restart Nginx to apply the changes. Access the domain name test configuration. Other notes: Install the SSL certificate to enable HTTPS, ensure that the firewall allows port 80 traffic, and wait for DNS resolution to take effect.

How to start nginx server How to start nginx server Apr 14, 2025 pm 12:27 PM

Starting an Nginx server requires different steps according to different operating systems: Linux/Unix system: Install the Nginx package (for example, using apt-get or yum). Use systemctl to start an Nginx service (for example, sudo systemctl start nginx). Windows system: Download and install Windows binary files. Start Nginx using the nginx.exe executable (for example, nginx.exe -c conf\nginx.conf). No matter which operating system you use, you can access the server IP

See all articles