Nginx limits IP access, access rate, maximum concurrent number and download bandwidth

Blocking direct access by IP address in nginx

Method 1, ban

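# Catch-all virtual host: a request that arrives by bare IP address, or with a
# Host header that matches no configured server_name, lands here and receives
# a 500 instead of any real content.
# This only covers plain HTTP on port 80. An HTTPS listener needs its own
# default server; otherwise the first TLS server block answers for unknown
# names and presents its certificate.
server {
       listen 80 default_server;   # "default" is the spelling used before nginx 0.8.21
       server_name _;              # placeholder name that never matches a real host
       return 500;                 # "return 444;" would instead close the connection without sending a response
}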
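# Then declare the real domain name(s) the site should answer for:
server {
       listen 80;                  # the directive is "listen"; the misspelling "linten" is rejected as an unknown directive
       server_name www.domain.com;
}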

Method 2, jump

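# Catch-all virtual host: a request that arrives by bare IP address, or with a
# Host header that matches no configured server_name, is answered with a
# permanent redirect to the normal domain name instead of any real content.
server {
    listen 80 default_server;   # the parameter is "default_server" ("default" before 0.8.21); "dufault" is rejected as an invalid parameter
    server_name _;              # placeholder name that never matches a real host
    # The target is a fixed hostname, not $host, so the client-supplied Host
    # header cannot influence where the redirect points.
    # NOTE(review): the target is www.domain.net while the real server block
    # below serves www.domain.com - confirm which name is intended.
    rewrite ^(.*) http://www.domain.net permanent;
}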
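# Then declare the real domain name(s) the site should answer for:
server {
       listen 80;                  # the directive is "listen"; the misspelling "linten" is rejected as an unknown directive
       server_name www.domain.com;
}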

About rewrite:

rewrite regex replacement flag
keyword | regular expression | replacement content | flag marker
rewrite is the keyword and cannot be changed; regex is a Perl-compatible regular expression used for rule matching; replacement is the content substituted for the part the regex matched; flag is one of the flag markers supported by rewrite.
flag Mark Description:

last  #After this rule matches, stop processing the current rewrite rules and continue by matching the rewritten URI against the location rules

break  #This rule will terminate upon completion of matching, and will not match any later rules

redirect  #Return 302 temporary redirection, the browser address will display the URL address after the jump

permanent  #Return 301 permanent redirection, the browser address bar will display the URL after jump

Limit download speed

location /download {
    # Cap the response rate for this location at 128k bytes per second.
    # The limit applies per connection, so a client that opens several
    # connections in parallel receives a multiple of it unless the number of
    # connections is also limited with limit_conn.
    limit_rate 128k;
  }

# To leave the first 10m of each download unthrottled and limit the rate to
# 128k bytes per second once more than 10m has been sent, add the following to
# the nginx.conf file:

location /download {
       # Amount of the response sent at full speed before limit_rate applies.
       limit_rate_after 10m;
       # Per-connection rate used for the rest of the response.
       limit_rate 128k;
 }  

Limit link concurrency

HttpLimitZoneModule limit concurrent connection instances

The zone (limit_conn_zone) can only be defined in the http context, while limit_conn can be set in the http, server, or location context.

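http {
  # Shared-memory zone named "conn", 10m in size, that tracks concurrent
  # connections; 1M holds roughly 16000 states.
  #   $binary_remote_addr as the key limits connections per client IP address.
  #   $server_name as the key would instead limit the total number of
  #   concurrent connections to one virtual server.
  # The parameter must be written zone=conn:10m with no spaces around "=".
  # $binary_remote_addr is the address of the directly connected peer. Behind a
  # reverse proxy, CDN or load balancer every client shares the proxy's
  # address, so restore the client address first with the realip module
  # (set_real_ip_from limited to the trusted proxies, plus real_ip_header).
  limit_conn_zone $binary_remote_addr zone=conn:10m;

  # Shared-memory zone named "allips", 10m in size, that tracks request rates
  # keyed by $binary_remote_addr; 1M holds roughly 16000 states. The average
  # rate is limited to 20 requests per second. The rate value must be an
  # integer; to allow one request every two seconds, use 30r/m.
  limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/s;

  server {

       # A location needs a URI or pattern; "/" matches every request.
       location / {
           # At most 20 concurrent connections per key (here: per client IP).
           limit_conn conn 20;

           # Download speed limit of 500k bytes per second. It applies per
           # connection, so together with limit_conn 20 a single client
           # address can still receive up to 20 times this rate.
           limit_rate 500k;

           # Keep each client IP to an average of 20 requests per second.
           # burst=5 lets up to 5 requests exceed that rate before nginx
           # starts rejecting; requests beyond the burst get an error
           # (503 by default, changeable with limit_req_status).
           # Without nodelay the excess requests inside the burst are held
           # back and released at the configured rate; with nodelay they are
           # processed immediately.
           limit_req zone=allips burst=5 nodelay;
       }
  }
}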

Keywords: Nginx Session

Added by master82 on Sun, 05 Apr 2020 06:02:19 +0300