[资料]Nginx做IP访问限制以及正则规则

server {
listen 443;
root /webroot/;
server_name serverName;
access_log /data/log/nginx/access_web_domain.log main buffer=32k flush=5s;
charset utf-8;
client_max_body_size 200m; ssl on;
ssl_certificate /etc/ssl/server.cer;
ssl_certificate_key /etc/ssl/server.key;
ssl_client_certificate /etc/ssl/dvroot.cer;
ssl_session_timeout 5m;
ssl_protocols SSLv2 TLSv1 TLSv1.1 TLSv1.2;
#ssl_protocols SSLv2 SSLv3;
ssl_ciphers ALL:!ADH:!EXPORT:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on; #location / {
# root /webroot/;
# index index.html index.htm index.php;
#} error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
} # 正则例处处理
location /(group1|group2)/api {
allow all;
} # url rewrite
location / {
index index.php;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php/$1 last;
break;
}
allow XXX.XXX.XXX.XXX; #某某公司IP
deny all;
} # 图片，FLASH cache time
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ {
expires 30d;
} # js,css cache time
location ~ .*\.(js|css)?$ {
expires 6h;
} location ~ .*\.(php)?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index ThinkPHP.index;
include fcgi.conf;
} location ~ .+\.php($|/){
set $script $uri;
set $path_info "/";
if ($uri ~ "^(.+\.php)(/.+)") {
set $script $1;
set $path_info $2;
} fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php?IF_REWRITE=1;
include fcgi.conf;
fastcgi_param HTTPS on;
fastcgi_param PATH_INFO $path_info;
fastcgi_param SCRIPT_FILENAME $document_root/$script;
fastcgi_param SCRIPT_NAME $script;
}
}server {
listen 80;
server_name manage.vxinyou.com;
access_log /data/log/nginx/access_domain.log main buffer=32k flush=5s;
rewrite ^/(.*) https://$server_name/$1 permanent; #跳转到Https
}