Nginx 仅允许特定国家/地区的流量访问特定页面
我正在使用Nginx 仅允许特定国家/地区的流量访问特定页面,nginx,server,geoip,system-administration,Nginx,Server,Geoip,System Administration,我正在使用--with-http\u geoip\u模块来识别流量。有一些网页,我只希望某些国家访问。以下是配置: 对于http http{ geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database map $geoip_country_code $allowed_country { default 0; US 1; UK 1;
--with-http\u geoip\u模块
来识别流量。有一些网页,我只希望某些国家访问。以下是配置:
对于http
http{
geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database
map $geoip_country_code $allowed_country {
default 0;
US 1;
UK 1;
HK 1;
}
}
location
指令:
location = /testing {
if ($allowed_country = 0) {
return 301 ;
}
}
问题是,当我使用US
/HK
IPs时,我得到一个404错误。我做错了什么
更新
这是我完整的conf
文件:
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database
map $geoip_country_code $allowed_country {
default 0;
US 1;
UK 1;
HK 1;
}
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
index index.html index.htm;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
server_name localhost;
root /var/www/html;
include /etc/nginx/default.d/*.conf;
location / {
index index.php index.cgi index.pl index.html index.xhtml index.htm index.shtml;
try_files $uri $uri/ /index.php?$args;
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
#ban specifc country
location = /testing {
if ($allowed_country = 0) {
return 301 ;
}
}
location ~ \.php$ {
### SET GEOIP Variables ###
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
include conf/site.conf;
}
}
}
基本上,我只想要来自
美国
,英国
和香港
的访客访问/测试
页面。让我们从头开始。因为你没有说什么是你的操作系统,下面的所有步骤对于Debian/Ubuntu和CentOS/Fedora/RHEL都是分开的
1。连接到服务器:
首先,通过终端/控制台(在linux-ssh中)连接到服务器username@server_ip
)或腻子(在windows中)
2。验证GEOIP模块: 由于您已经安装了NGINX,请检查它是否使用
httpgeoimpodule
编译:
CentOS/Fedora/RHEL和Debian/Ubuntu:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
然后尝试使用-http\u geoip\u模块查找。如果存在,那么您可以继续,否则意味着您没有使用GeoIP Module
编译NGINX
3。安装GEOIP数据库:
Debian/Ubuntu:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
CentOS/Fedora/RHEL:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
它位于EPEL存储库中,因此您应该首先启用它:
CENTOS 4:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
32位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
64位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
CENTOS 5:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
32位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
64位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
CENTOS 6:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
32位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
64位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
CENTOS 7:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
64位:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
然后:
nginx -V
sudo apt-get install geoip-database libgeoip1
yum install geoip geoip-devel -y
4。更新GeoIP数据库
安装GeoIP模块后,数据库将存储在/usr/share/GeoIP/GeoIP.dat
中,但它可能已过时。那么,让我们更新一下:
mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bk
cd /usr/share/GeoIP/
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
或者,您也可以从http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
,在您的计算机上提取,并作为GeoIP.dat
上传到/usr/share/GeoIP/
。如果您想在此处创建as,请不要忘记备份旧的GeoIP.dat
5。使用GeoIP配置NGINX
打开/etc/nginx/nginx.conf
(Ubuntu/Debian)或/etc/nginx/conf/nginx.conf
(CentOS/Fedora/RHEL)并将其放在http{}
中,在任何包含之前:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
US yes;
UK yes;
HK yes;
}
这并不妨碍国家的发展。我们只允许在每个国家设置$
现在,请打开您的virtualhost
进行配置(/etc/nginx/conf.d/YOURDOMAINHERE.conf
)-将其放入服务器{}
:
location /testing/ {
if ($allowed_country = no) {
return 403;
}
}
/testing/
是您可以从美国、英国和香港访问的网站路径
6。重新启动NGINX
它已经在CentOS和Debian VPS上进行了测试,并且正在运行。
希望这会对您有所帮助。您想要什么?显示完整的形态,404不是这个有限形态的一部分。非常感谢!在Ubuntu上也能运行,而且运行得很好。我需要用load_module“modules/ngx_http_geoip_module.so”加载geoip模块来启动并运行它在事件
块之前的我的服务器配置中的code>。此外,设置cron作业以保持geoip数据的更新可能是一个好主意。404 GeoLite遗留数据库于2019年1月2日停止使用。因此,链接应更改为主要更新:ngx\u mod\u http\u geoip
似乎与Geolite2数据库不兼容,因此。。。休斯顿。。。