Nginx > 通过 IP 限制访问不起作用

问题描述 投票:0回答:1

我想过滤Wordpress后端访问。 当我将以下指令添加到下面的代码中时,它显示所有 IP 地址的 403 错误。 即使我从我的 68.xx.xx.xxx VPN IP 地址访问该页面。

你猜为什么我的 IP 被封吗?

我添加了以下代码,用于限制对 Azure 应用程序的 Nginx 配置中某些 WP 文件夹或文件的访问。 :

location ~ ^/(wp-admin|wp-login\.php) {
       allow xx.xx.xx.xxx;
       deny all;               
   }

完整代码:

server {
        listen 80;
        ## Your website name goes here.
        server_name mywebsite;

        ## Your only path reference.
        root /var/www/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        # Add locations of phpmyadmin here.
        location /phpmyadmin {
                root /home/;
                index index.php index.html index.htm;
                location ~ ^/phpmyadmin/(.+\.php)$ {
                        try_files $uri =404;
                        root /home/;
                        fastcgi_pass unix:/var/run/php/php-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        include /etc/nginx/fastcgi_params;
                }
                location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                        root /home/;
                }
        }

        # Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
        sendfile off;
        set $skip_cache 0;

        # POST requests and urls with a query string should always go to PHP
        if ($request_method = POST) {
                set $skip_cache 1;
        }

        if ($query_string != "") {
                set $skip_cache 1;
        }

        # Don't cache uris containing the following segments
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
                set $skip_cache 1;
        }

        # Don't use the cache for logged in users or recent commenters
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
                set $skip_cache 1;
        }

        # Don't cache WooCommerce URLs
        # Cart widgets are still a problem: https://github.com/emcniece/docker-wordpress/issues/3
        if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
                set $skip_cache 1;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

location ~ ^/(wp-admin|wp-login\.php) {
       allow xx.xx.xx.xxx;
       deny all;               
   }

        location ~* \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi.conf;
                include fastcgi_params;
                fastcgi_intercept_errors on;
                fastcgi_pass php;

                fastcgi_read_timeout 300;
                fastcgi_cache_bypass $skip_cache;
                fastcgi_no_cache $skip_cache;
                fastcgi_cache off;
                fastcgi_cache_valid 60m;                
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}
linux wordpress nginx azure-web-app-service ip
1个回答
0
投票

我已经尝试过与您尝试过的相同操作,并对上面给出的代码进行了一些更改。在给定的代码中,一切看起来都不错,但是,我只是更改了语法格式,您可以在下面检查。

location
块的修改:

location ~ ^/(wp-admin|wp-login\.php) {
    allow 68.84.18.107; # Replace with your actual IP address
    deny all;
    include fastcgi_params; # Make sure to include this line
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Include this line as well if not already present
    fastcgi_pass php;
}
  • 在webapp中转到网络>访问限制这里我已根据我的要求在高级工具站点中配置了网络IP地址访问限制。

enter image description here

  • 重新加载或重启Nginx以使配置生效。 
    sudo service nginx reload

这里是完整代码供参考。

server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://erp.uni.mk$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com;

    ssl_certificate "/etc/nginx/ssl/ca_full.crt";
    ssl_certificate_key "/etc/nginx/ssl/private.key";

    # SSL configuration

    location / {
        # Your existing configuration for the main site
        # ...
    }

    location ~ ^/(wp-admin|wp-login\.php) {
        allow xx.xx.xx.xxx;  # Replace with your allowed IP address
        deny all;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php;
    }

    location ~* \.php$ {
        include fastcgi.conf;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass php;
        fastcgi_read_timeout 300;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        fastcgi_cache off;
        fastcgi_cache_valid 60m;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}

限制: enter image description here

重定向: enter image description here

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.