[root@test-a nginx]# vim conf/vhost/abc.com.conf [root@test-a nginx]# cat conf/vhost/abc.com.conf server { listen 80; server_name abc.com ab.com a.com; index index.html index.htm index.php; root /data/wwwroot/abc.com; location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 7d; valid_referers none blocked server_names *.abc.com; # server_names 能夠不要 if ($invalid_referer){ return 403; } access_log off; } location ~ .*\.(js|css)$ { expires 12h; access_log off; } access_log /tmp/abc.com.log combined_realip; } [root@test-a nginx]# ./sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@test-a nginx]# ./sbin/nginx -s reload [root@test-a nginx]# curl -e "http://www.a.com" -x127.0.0.1:80 -I a.com/1.jpg HTTP/1.1 403 Forbidden Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:02:37 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive [root@test-a nginx]# curl -e "http://www.abc.com" -x127.0.0.1:80 -I a.com/1.jpg HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:02:45 GMT Content-Type: image/jpeg Content-Length: 4 Last-Modified: Wed, 28 Nov 2018 00:02:59 GMT Connection: keep-alive ETag: "5bfddb33-4" Expires: Wed, 05 Dec 2018 07:02:45 GMT Cache-Control: max-age=604800 Accept-Ranges: bytes
[root@test-a nginx]# curl -x192.168.77.139:80 -I a.com/admin/ # 配置前先訪問測試 HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:18:18 GMT Content-Type: text/html Content-Length: 4 Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT Connection: keep-alive ETag: "5bfe4066-4" Accept-Ranges: bytes [root@test-a nginx]# vim conf/vhost/abc.com.conf #配置 [root@test-a nginx]# cat conf/vhost/abc.com.conf server { listen 80; server_name abc.com ab.com a.com; index index.html index.htm index.php; root /data/wwwroot/abc.com; #if ($host != 'abc.com'){ # rewrite ^/(.*)$ http://abc.com/$1 permanent; #} location /admin/ { allow 127.0.0.1; deny all; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 7d; valid_referers none blocked server_names *.abc.com; if ($invalid_referer){ return 403; } access_log off; } location ~ .*\.(js|css)$ { expires 12h; access_log off; } access_log /tmp/abc.com.log combined_realip; } [root@test-a nginx]# ./sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@test-a nginx]# ./sbin/nginx -s reload [root@test-a nginx]# curl -x192.168.77.139:80 -I a.com/admin/ HTTP/1.1 403 Forbidden Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:19:07 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive [root@test-a nginx]# curl -x127.0.0.1:80 -I a.com/admin/ HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:19:20 GMT Content-Type: text/html Content-Length: 4 Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT Connection: keep-alive ETag: "5bfe4066-4" Accept-Ranges: bytes
正則匹配進行控制,例如: 禁止訪問某目錄下的php文件php
# 配置前訪問測試 [root@test-a nginx]# curl -x127.0.0.1:80 -I a.com/upload/1.php HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:33:58 GMT Content-Type: application/octet-stream Content-Length: 4 Last-Modified: Wed, 28 Nov 2018 07:33:22 GMT Connection: keep-alive ETag: "5bfe44c2-4" Accept-Ranges: bytes # 配置 [root@test-a nginx]# cat conf/vhost/abc.com.conf server { listen 80; server_name abc.com ab.com a.com; index index.html index.htm index.php; root /data/wwwroot/abc.com; #if ($host != 'abc.com'){ # rewrite ^/(.*)$ http://abc.com/$1 permanent; #} location ~ .*upload/.*\.php$ { return 403; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 7d; valid_referers none blocked server_names *.abc.com; if ($invalid_referer){ return 403; } access_log off; } location ~ .*\.(js|css)$ { expires 12h; access_log off; } access_log /tmp/abc.com.log combined_realip; } # 從新加載配置,再訪問測試 [root@test-a nginx]# ./sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@test-a nginx]# ./sbin/nginx -s reload [root@test-a nginx]# curl -x192.168.77.139:80 -I a.com/admin/ HTTP/1.1 403 Forbidden Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:19:07 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive [root@test-a nginx]# curl -x127.0.0.1:80 -I a.com/admin/ HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:19:20 GMT Content-Type: text/html Content-Length: 4 Last-Modified: Wed, 28 Nov 2018 07:14:46 GMT Connection: keep-alive ETag: "5bfe4066-4" Accept-Ranges: bytes
根據user_agent進行控制css
# 配置前測試 [root@test-a nginx]# curl -A "baidu" -x127.0.0.1:80 -I a.com/upload/1.txt HTTP/1.1 200 OK Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:40:24 GMT Content-Type: text/plain Content-Length: 4 Last-Modified: Wed, 28 Nov 2018 07:33:17 GMT Connection: keep-alive ETag: "5bfe44bd-4" Accept-Ranges: bytes # 配置,加載配置,再訪問測試 [root@test-a nginx]# cat conf/vhost/abc.com.conf server { listen 80; server_name abc.com ab.com a.com; index index.html index.htm index.php; root /data/wwwroot/abc.com; if ($http_user_agent ~ 'baidu|testagent'){ return 403; } location ~ .*upload/.*\.php$ { return 403; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 7d; valid_referers none blocked server_names *.abc.com; if ($invalid_referer){ return 403; } access_log off; } location ~ .*\.(js|css)$ { expires 12h; access_log off; } access_log /tmp/abc.com.log combined_realip; } [root@test-a nginx]# ./sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@test-a nginx]# ./sbin/nginx -s reload [root@test-a nginx]# curl -A "baidu" -x127.0.0.1:80 -I a.com/upload/1.txt HTTP/1.1 403 Forbidden Server: nginx/1.14.1 Date: Wed, 28 Nov 2018 07:40:37 GMT Content-Type: text/html Content-Length: 169 Connection: keep-alive
# 配置前訪問測試 [root@test-a abc.com]# curl -x127.0.0.1:80 abc.com/index.php <?php echo "1111111111"; ?> # 配置 [root@test-a abc.com]# cd /usr/local/nginx/conf/vhost/ [root@test-a vhost]# vim abc.com.conf [root@test-a vhost]# cat abc.com.conf server { listen 80; server_name abc.com ab.com a.com; index index.html index.htm index.php; root /data/wwwroot/abc.com; if ($http_user_agent ~ 'baidu|testagent'){ return 403; } location ~ .*upload/.*\.php$ { return 403; } location ~ \.php$ { include fastcgi_params; fastcgi_pass unix:/tmp/php-fcgi.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /data/wwwroot/abc.com$fastcgi_script_name; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 7d; valid_referers none blocked server_names *.abc.com; if ($invalid_referer){ return 403; } access_log off; } location ~ .*\.(js|css)$ { expires 12h; access_log off; } access_log /tmp/abc.com.log combined_realip; } [root@test-a vhost]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@test-a vhost]# /usr/local/nginx/sbin/nginx -s reload [root@test-a vhost]# curl -x127.0.0.1:80 abc.com/index.php 1111111111[root@test-a vhost]#
# 配置前,想測試訪問baidu的robots.txt,結果訪問本地的robots.txt,本地不存在 [root@test-a vhost]# curl -x127.0.0.1:80 www.baidu.com/robots.txt <html> <head><title>404 Not Found</title></head> <body bgcolor="white"> <center><h1>404 Not Found</h1></center> <hr><center>nginx/1.14.1</center> </body> </html> # 添加代理服務配置 [root@test-a vhost]# vim proxy.conf [root@test-a vhost]# cat proxy.conf server { listen 80; server_name www.baidu.com; location / { proxy_pass http://61.135.169.125/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } [root@test-a vhost]# /usr/local/nginx/sbin/nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful [root@test-a vhost]# /usr/local/nginx/sbin/nginx -s reload # 訪問測試,訪問的是baidu的robots.txt [root@test-a vhost]# curl -x127.0.0.1:80 www.baidu.com/robots.txt User-agent: Baiduspider Disallow: /baidu Disallow: /s? Disallow: /ulink? Disallow: /link? Disallow: /home/news/data/ User-agent: Googlebot Disallow: /baidu Disallow: /s? Disallow: /shifen/ Disallow: /homepage/ Disallow: /cpro Disallow: /ulink? Disallow: /link? Disallow: /home/news/data/ ...