NGINX区域封锁并加白某IP

nginx.conf

# Main nginx configuration: global worker settings, HTTP defaults, GeoIP country lookup and
# four per-address allow-list variables that the virtual hosts in conf.d/ can test.
user  nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http {
    # $http_x_forwarded_for, $http_referer, $http_user_agent and $http_host are copied from
    # client-supplied headers, so they are untrusted text in the log; only $remote_addr is
    # the address nginx actually saw.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" "$http_host"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    server_names_hash_max_size 4096;
    server_names_hash_bucket_size 2048;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # Upper bound on request bodies accepted from clients.
    client_max_body_size 50m;
    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    gzip on;
    gzip_min_length  1k;
    gzip_buffers     4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;
    gzip_vary on;
    gzip_proxied   expired no-cache no-store private auth;
    gzip_disable   "MSIE [1-6]\.";
    # Do not advertise the nginx version in the Server header and on error pages.
    server_tokens off;
    # Country lookup for the client address; populates $geoip_country_code, which the
    # server block uses for the region block. The variable is empty when the address is
    # not in the database, so any rule written as "deny these countries" lets unknown
    # addresses through. Keep the database file current, otherwise lookups go stale.
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    # Defined at http level: a server/location that sets any fastcgi_param of its own
    # does not inherit these two and must repeat them.
    fastcgi_param  COUNTRY_CODE "$geoip_country_code";
    fastcgi_param  HTTP_COUNTRY_CODE "$geoip_country_code";
    # Allow-lists. Each geo block yields 0 by default and the value given in its include
    # file (1 in the sample) for the listed addresses. The key is $remote_addr, i.e. the
    # TCP peer: behind a CDN or load balancer that is the proxy's address, so the real
    # client address must first be restored with the realip module (set_real_ip_from
    # limited to the trusted proxies, real_ip_header). Do not key an allow-list on a
    # client-supplied header such as X-Forwarded-For.
    # ip1.conf .. ip4.conf are not shown here; the page gives one sample file.
    geo $remote_addr $ip_whitelist1 {
    default 0;
    include ip1.conf;
    }
    geo $remote_addr $ip_whitelist2 {
    default 0;
    include ip2.conf;
    }
    geo $remote_addr $ip_whitelist3 {
    default 0;
    include ip3.conf;
    }
    geo $remote_addr $ip_whitelist4 {
    default 0;
    include ip4.conf;
    }
    include /etc/nginx/conf.d/*.conf;
}
##################################################################################################################################################
ip.conf(示例;nginx.conf 中实际 include 的是 ip1.conf ~ ip4.conf,格式相同)

# Entries for an nginx geo block, one per line: "<address or CIDR> <value>;".
# Value 1 marks the address as allow-listed; anything not listed gets the geo block's
# default (0 in nginx.conf). The addresses below look like placeholders - replace them.
1.1.1.1 1;
2.2.2.2 1;
3.3.3.3 1;
##################################################################################################################################################
server

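# HTTPS virtual host that proxies to one backend, returns 403 for clients located in
# MO/SG/HK, and lets allow-listed client addresses through regardless of country.
server {
    listen 443 ssl;
    # Not shown on this page; presumably holds the server_name list - confirm.
    include domain/123.txt;
    ssl_certificate     ssl/123.crt;
    ssl_certificate_key ssl/123.key;
    access_log  /var/log/nginx/info.log main;

    location / {
        # Rewrite-module "if" blocks run in order, so the allow-list check must stay first.
        # $ip_whitelist1 is produced by a geo block on $remote_addr in the http context;
        # behind a CDN/load balancer $remote_addr is the proxy, not the client.
        if ($ip_whitelist1 = 1) {
            proxy_pass https://8.8.8.8;
            break;
        }

        # Region block. $geoip_country_code is empty when the lookup finds no country,
        # so unknown addresses are NOT blocked here (the rule fails open). Add an
        # explicit check for the empty value if unknown origins should be refused too.
        if ($geoip_country_code ~* ^(MO|SG|HK)$) {
            return 403;
        }

        # Everything that reached this point is outside the blocked regions.
        # nginx does not verify the upstream certificate by default; if this hop crosses
        # an untrusted network, enable proxy_ssl_verify together with
        # proxy_ssl_trusted_certificate and proxy_ssl_name.
        proxy_pass https://8.8.8.8;

        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_headers_hash_max_size 51200;
        proxy_headers_hash_bucket_size 6400;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP  $remote_addr;
        # Set X-Forwarded-For exactly once: declaring it twice sends two headers upstream,
        # one of them the raw client-supplied value. $proxy_add_x_forwarded_for appends
        # $remote_addr; the earlier entries are still client-controlled, so the backend
        # should rely on X-Real-IP or the last entry only.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}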
##################################################################################################################################################
