nginx authentication module
Module ngx_http_auth_basic_module
Syntax: auth_basic string | off;
Default: auth_basic off;
Context: http, server, location, limit_except
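Note: string describes the scope that the authentication applies to; off takes effect only in the context where it is specified and is not inherited.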
Syntax: auth_basic_user_file file;
Default: —
Context: http, server, location, limit_except
Specifies a file that keeps user names and passwords, in the following format:
# comment
name1:password1
name2:password2:comment
name3:password3
Use htpasswd to generate the encrypted password file
# htpasswd --help
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
// -b: supply the user's password on the command line
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password.
-d Force CRYPT encryption of the password (default).
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
example:
location / {
    auth_basic "closed site";
    auth_basic_user_file htpasswd;  # looked up under conf by default
}
# htpasswd -cb htpasswd test 123
Adding password for user test
# cat htpasswd
test:89XzEEI/P0e56
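Entering a wrong user name or password results in a 401 authentication failure.
When auth_basic_user_file is incorrect, a 403 error occurs; check the error log.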
403 Forbidden
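A 403 error means the resource is unavailable. The server understood the client's request but refuses to process it; this is usually a web access error caused by permission settings on files or directories on the server.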
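The htpasswd options -d, -p and -s listed above all give weak password storage, and the sample entry test:89XzEEI/P0e56 is a 13-character traditional crypt() hash. The following Python script is an added example, not part of the original page: it parses the name:password[:comment] file format and reports the hash scheme of each entry. The risk ratings and every sample entry except the first are assumptions constructed for illustration.

```python
import re

# Recognisable prefixes of the password field -> (scheme, risk rating assumed by this example).
PREFIXES = [
    ("{PLAIN}", "plaintext", "high"),
    ("{SHA}", "unsalted SHA-1 (htpasswd -s)", "high"),
    ("{SSHA}", "salted SHA-1", "medium"),
    ("$apr1$", "Apache MD5 (htpasswd -m)", "medium"),
    ("$2y$", "bcrypt", "ok"),
    ("$6$", "SHA-512 crypt", "ok"),
]
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify(field):
    """Return (scheme, risk) for one password field."""
    for prefix, scheme, risk in PREFIXES:
        if field.startswith(prefix):
            return scheme, risk
    if DES_CRYPT.fullmatch(field):
        # Traditional crypt(): only the first 8 password characters count.
        return "DES crypt (htpasswd -d)", "high"
    return "unrecognised, possibly plaintext (htpasswd -p)", "high"

def audit(text):
    """Parse name:password[:comment] lines; return (line_no, name, scheme, risk)."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(":", 2)
        if len(parts) < 2 or not parts[0]:
            findings.append((no, parts[0], "malformed line", "high"))
            continue
        findings.append((no, parts[0], *classify(parts[1])))
    return findings

# Constructed sample; only the first entry is the line shown in the page's example.
SAMPLE = """# comment
test:89XzEEI/P0e56
alice:$apr1$CONSTRUC$0123456789abcdefghijkl:ops account
bob:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
carol:hunter2
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```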
nginx access module
Module ngx_http_access_module
Syntax: [allow|deny] address | CIDR | unix: | all;
Default: —
Context: http, server, location, limit_except
Allows access for the specified network or address. If the special value unix: is specified (1.5.1), allows access for all UNIX-domain sockets.
Example Configuration
location / {
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny all;
}
When a denied IP accesses the site, a 403 error is returned.