Fatal编程技术网
  • nginx/
  • Nginx 仅允许特定国家/地区的流量访问特定页面

Nginx 仅允许特定国家/地区的流量访问特定页面

nginx server

Nginx 仅允许特定国家/地区的流量访问特定页面,nginx,server,geoip,system-administration,Nginx,Server,Geoip,System Administration,我正在使用--with-http\u geoip\u模块来识别流量。有一些网页,我只希望某些国家访问。以下是配置: 对于http http{ geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database map $geoip_country_code $allowed_country { default 0; US 1; UK 1;

我正在使用
--with-http\u geoip\u模块
来识别流量。有一些网页,我只希望某些国家访问。以下是配置:

对于
http

 http{
    geoip_country  /usr/share/GeoIP/GeoIP.dat; # the country IP database
    map $geoip_country_code $allowed_country {
            default 0;
            US 1;
            UK 1;
            HK 1; 

     }

  }

location
指令:

location = /testing {
            if ($allowed_country = 0) {

                    return 301 ;
              }
    }
问题是,当我使用
US
/
HK
IPs时,我得到一个404错误。我做错了什么

更新

这是我完整的
conf
文件:

http {
include       /etc/nginx/mime.types;
default_type  application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

geoip_country  /usr/share/GeoIP/GeoIP.dat; # the country IP database

map $geoip_country_code $allowed_country {
        default 0;
        US 1;
        UK 1;
        HK 1; 

 }
sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

index   index.html index.htm;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    server_name  localhost;
    root         /var/www/html;

    include /etc/nginx/default.d/*.conf;

    location / {
        index index.php index.cgi index.pl index.html index.xhtml index.htm index.shtml;
        try_files $uri $uri/ /index.php?$args;
    }

    # redirect server error pages to the static page /40x.html
    #
    error_page  404              /404.html;
    location = /40x.html {
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }

    #ban specifc country
    location = /testing {
        if ($allowed_country = 0) {

                return 301 ;
          }
     }


    location ~ \.php$ {
        ### SET GEOIP Variables ###
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
        return 404;

        }
            try_files $uri $uri/ /index.php?$args;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi.conf;
            include conf/site.conf;
    } 

}
 }
基本上,我只想要来自
美国
英国
香港
的访客访问
/测试
页面。

让我们从头开始。因为你没有说什么是你的操作系统,下面的所有步骤对于Debian/Ubuntu和CentOS/Fedora/RHEL都是分开的

1。连接到服务器: 首先,通过终端/控制台(在linux-
ssh中)连接到服务器username@server_ip
)或腻子(在windows中)

2。验证GEOIP模块: 由于您已经安装了NGINX,请检查它是否使用
httpgeoimpodule
编译:

CentOS/Fedora/RHEL和Debian/Ubuntu:

 nginx -V

sudo apt-get install geoip-database libgeoip1

yum install geoip geoip-devel -y
然后尝试使用-http\u geoip\u模块查找
。如果存在,那么您可以继续,否则意味着您没有使用
GeoIP Module
编译NGINX



3。安装GEOIP数据库:
Debian/Ubuntu:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y


CentOS/Fedora/RHEL:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y


它位于EPEL存储库中,因此您应该首先启用它:

CENTOS 4:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y


32位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 


64位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 



rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 


CENTOS 5:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y


32位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 


64位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 



rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 


CENTOS 6:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y


32位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 


64位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 



rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 


CENTOS 7:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y


64位:


rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm



rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm 



rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm 


然后:


 nginx -V



sudo apt-get install geoip-database libgeoip1



yum install geoip geoip-devel -y




4。更新GeoIP数据库
安装GeoIP模块后,数据库将存储在
/usr/share/GeoIP/GeoIP.dat
中,但它可能已过时。那么,让我们更新一下:


mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bk

cd /usr/share/GeoIP/

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

gunzip GeoIP.dat.gz


或者,您也可以从
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
,在您的计算机上提取,并作为
GeoIP.dat
上传到
/usr/share/GeoIP/
。如果您想在此处创建as,请不要忘记备份旧的
GeoIP.dat



5。使用GeoIP配置NGINX
打开
/etc/nginx/nginx.conf
(Ubuntu/Debian)或
/etc/nginx/conf/nginx.conf
(CentOS/Fedora/RHEL)并将其放在
http{}
中,在任何
包含之前:


geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default no;
    US yes;
    UK yes;
    HK yes;
}


这并不妨碍国家的发展。我们只允许在每个国家设置$

现在,请打开您的
virtualhost
进行配置(
/etc/nginx/conf.d/YOURDOMAINHERE.conf
)-将其放入
服务器{}


location /testing/ {
    if ($allowed_country = no) {
        return 403;
    }
}



/testing/
是您可以从美国、英国和香港访问的网站路径



6。重新启动NGINX


它已经在CentOS和Debian VPS上进行了测试,并且正在运行。


希望这会对您有所帮助。
您想要什么?显示完整的形态,404不是这个有限形态的一部分。非常感谢!在Ubuntu上也能运行,而且运行得很好。我需要用
load_module“modules/ngx_http_geoip_module.so”加载geoip模块来启动并运行它事件
块之前的我的服务器配置中的code>。此外,设置cron作业以保持geoip数据的更新可能是一个好主意。404 GeoLite遗留数据库于2019年1月2日停止使用。因此,链接应更改为主要更新:
ngx\u mod\u http\u geoip
似乎与Geolite2数据库不兼容,因此。。。休斯顿。。。