我想过滤Wordpress后端访问。 当我将以下指令添加到下面的代码中时,它显示所有 IP 地址的 403 错误。 即使我从我的 68.xx.xx.xxx VPN IP 地址访问该页面。
你猜为什么我的 IP 被封吗?
我添加了以下代码,用于限制对 Azure 应用程序的 Nginx 配置中某些 WP 文件夹或文件的访问。 :
location ~ ^/(wp-admin|wp-login\.php) {
allow xx.xx.xx.xxx;
deny all;
}
完整代码:
server {
listen 80;
## Your website name goes here.
server_name mywebsite;
## Your only path reference.
root /var/www/wordpress;
## This should be in your http block and if it is, it's not needed here.
index index.php;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Add locations of phpmyadmin here.
location /phpmyadmin {
root /home/;
index index.php index.html index.htm;
location ~ ^/phpmyadmin/(.+\.php)$ {
try_files $uri =404;
root /home/;
fastcgi_pass unix:/var/run/php/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
root /home/;
}
}
# Disable sendfile as per https://docs.vagrantup.com/v2/synced-folders/virtualbox.html
sendfile off;
set $skip_cache 0;
# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
set $skip_cache 1;
}
if ($query_string != "") {
set $skip_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
}
# Don't cache WooCommerce URLs
# Cart widgets are still a problem: https://github.com/emcniece/docker-wordpress/issues/3
if ($request_uri ~* "/(cart|checkout|my-account)/*$") {
set $skip_cache 1;
}
location / {
# This is cool because no php is touched for static content.
# include the "?$args" part so non-default permalinks doesn't break when using query string
try_files $uri $uri/ /index.php?$args;
}
location ~ ^/(wp-admin|wp-login\.php) {
allow xx.xx.xx.xxx;
deny all;
}
location ~* \.php$ {
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_read_timeout 300;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache off;
fastcgi_cache_valid 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
我已经尝试过与您尝试过的相同操作,并对上面给出的代码进行了一些更改。在给定的代码中,一切看起来都不错,但是,我只是更改了语法格式,您可以在下面检查。
对
location
块的修改:
location ~ ^/(wp-admin|wp-login\.php) {
allow 68.84.18.107; # Replace with your actual IP address
deny all;
include fastcgi_params; # Make sure to include this line
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # Include this line as well if not already present
fastcgi_pass php;
}
sudo service nginx reload
这里是完整代码供参考。
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://erp.uni.mk$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name yourdomain.com;
ssl_certificate "/etc/nginx/ssl/ca_full.crt";
ssl_certificate_key "/etc/nginx/ssl/private.key";
# SSL configuration
location / {
# Your existing configuration for the main site
# ...
}
location ~ ^/(wp-admin|wp-login\.php) {
allow xx.xx.xx.xxx; # Replace with your allowed IP address
deny all;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
location ~* \.php$ {
include fastcgi.conf;
include fastcgi_params;
fastcgi_intercept_errors on;
fastcgi_pass php;
fastcgi_read_timeout 300;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache off;
fastcgi_cache_valid 60m;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
限制:
重定向: