nginx – 仅允许某些国家/地区的流量访问特定页面

Nginx 2019-07-28

我使用–with-http_geoip_module来识别流量.有些页面我只想让某个国家/地区访问.这是配置:

对于http

 http{
    geoip_country  /usr/share/GeoIP/GeoIP.dat; # the country IP database
    map $geoip_country_code $allowed_country {
            default 0;
            US 1;
            UK 1;
            HK 1; 

     }

  }

位置指令:

location = /testing {
            if ($allowed_country = 0) {

                    return 301 ;
              }
    }

问题是当我使用美国/香港IP时,我收到404错误.我做错了什么?

UPDATE

这是我完整的conf文件:

http {
include       /etc/nginx/mime.types;
default_type  application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

geoip_country  /usr/share/GeoIP/GeoIP.dat; # the country IP database

map $geoip_country_code $allowed_country {
        default 0;
        US 1;
        UK 1;
        HK 1; 

 }
sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

index   index.html index.htm;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    server_name  localhost;
    root         /var/www/html;

    include /etc/nginx/default.d/*.conf;

    location / {
        index index.php index.cgi index.pl index.html index.xhtml index.htm index.shtml;
        try_files $uri $uri/ /index.php?$args;
    }

    # redirect server error pages to the static page /40x.html
    #
    error_page  404              /404.html;
    location = /40x.html {
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }

    #ban specifc country
    location = /testing {
        if ($allowed_country = 0) {

                return 301 ;
          }
     }


    location ~ \.php${
        ### SET GEOIP Variables ###
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
        return 404;

        }
            try_files $uri $uri/ /index.php?$args;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi.conf;
            include conf/site.conf;
    } 

}
 }

基本上我只想访问美国,英国和香港的访问/测试页面.

最佳答案
我们从一开始就这样做.由于您没有说明您的操作系统是什么,因此Debian / Ubuntu和CentOS / Fedora / RHEL的所有步骤都将分开.

1.连接到服务器:

首先,通过终端/控制台(在linux中 – ssh username @ server_ip)或Putty(在windows中)连接到您的服务器.

2.验证GEOIP模块:

由于您已经安装了NGINX,请检查它是否使用HttpGeoipModule进行编译:

CentOS / Fedora / RHEL和Debian / Ubuntu:

 nginx -V

然后尝试找到–with-http_geoip_module.如果它存在则可以继续,否则意味着您没有使用GeoIP模块编译NGINX.

3.安装GEOIP数据库:

于Debian / Ubuntu:

sudo apt-get install geoip-database libgeoip1

CentOS的/ Fedora的/ RHEL:

它位于EPEL存储库中,因此您应首先启用它:

CENTOS 4:

32位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm

64位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm

CENTOS 5:

32位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

64位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

CENTOS 6:

32位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

64位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

CENTOS 7:

64位:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

然后:

yum install geoip geoip-devel -y

4.更新GeoIP数据库

安装GeoIP模块后,数据库将存储在/usr/share/GeoIP/GeoIP.dat中,但可能已过时.那么,让我们更新:

mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bk

cd /usr/share/GeoIP/

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

gunzip GeoIP.dat.gz

或者,您也可以从http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz手动下载数据库,在您的计算机上解压缩并上传到/usr/share / GeoIP / as GeoIP.dat.如果你想在这里做,请不要忘记备份旧的GeoIP.dat.

5.使用GeoIP配置NGINX

打开/etc/nginx/nginx.conf(Ubuntu / Debian)或/etc/nginx/conf/nginx.conf(CentOS / Fedora / RHEL)并将其放在http {}中,然后再包含:

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default no;
    US yes;
    UK yes;
    HK yes;
}

这不会阻止国家.我们只设置$allowed_country.

现在,请打开虚拟主机进行配置(/etc/nginx/conf.d/YOURDOMAINHERE.conf) – 将其置于服务器{}内:

location /testing/ {
    if ($allowed_country = no) {
        return 403;
    }
}

/ testing /是您的网站路径,可从美国,英国和香港访问.

6.重新启动NGINX

/etc/init.d/nginx reload

它在CentOS和Debian VPS上都经过测试,它正在运行.

希望这会帮助你.

相关文章

学习笔记:深入理解高性能代理服务器——Nginx
文章浏览阅读3.7k次,点赞2次,收藏5次。Nginx学习笔记一、N...
Docker配置nginx
文章浏览阅读1.7w次,点赞14次,收藏61次。我们在使用容器的...
Nginx如何实现404错误自动跳转到首页
文章浏览阅读1.4k次。当用户在访问网站的过程中遇到404错误时...
docker/docker-compose 部署 nginx+mysql+wordpress 实战
文章浏览阅读2.7k次。docker 和 docker-compose 部署 nginx+...
windows下nginx的安装使用及解决80端口被占用nginx不能启动的问题
文章浏览阅读1.3k次。5:再次启动nginx,可以正常启动,可以...
【Nginx篇】Nginx轻松上手
文章浏览阅读3.1w次,点赞105次,收藏182次。高性能:Nginx ...