用Nginx屏蔽某些个URL的大陆IP访问+可以通过授权分享连接访问
导读
本博客屏蔽了部分大陆IP访问接口,使用了Nginx实现。要求/archives/lcn- 开头的文章禁止中国IP,但可通过分享连接访问;/archives/scn- 开头的文章不允许中国IP访问。被禁止后展示/ipnono页面。安装GeoIP2,下载Nginx模块并编译安装Nginx,编辑Nginx配置和反向代理,实现了要求。
本博客屏蔽了部分文章的大陆IP访问。这部分是使用Nginx实现的。需求如下:
/archives/lcn-
开头的文章禁止cnIP,但是可以通过分享连接访问/archives/scn-
开头的文章禁止cnIP被禁止后展示/ipnono页面(URL不变)
基于Nginx和宝塔面板
安装GeoIP2
sudo apt-get install libmaxminddb-dev
mkdir /usr/local/share/GeoIP
cd /usr/local/share/GeoIP
wget https://geolite.clash.dev/Country.mmdb
sudo apt-get install libmaxminddb-dev
下载Nginx模块
cd /usr/local
git clone https://github.com/leev/ngx_http_geoip2_module.git
编译安装Nginx
--add-module=/usr/local/ngx_http_geoip2_module
编辑Nginx配置
在HTTP模块加入
geoip2 /usr/local/share/GeoIP/Country.mmdb {
$geoip2_data_country_code country iso_code;
}
# 映射 MM
map $geoip2_data_country_code $allowed_country {
default yes;
no yes;
}
编辑反向代理
实现了:
/archives/lcn-
开头的禁止cnIP,但是可以通过分享连接访问/archives/scn-
开头的禁止cnIP
#PROXY-START/
set $ipipa "127.0.0.1";
location /
{
set $back66 "http://${ipipa}";
proxy_pass $back66;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filenUHy3gSX 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_filenUHy3gSX 1;
expires 1m;
}
if ( $static_filenUHy3gSX = 0 )
{
add_header Cache-Control no-cache;
}
location ^~ /archives/lcn- {
set $backend "http://${ipipa}/$uri";
set $do_yaf 0;
if ($geoip2_data_country_code = CN) {
set $do_yaf 1;
}
if ($arg_auth != "3qxElFxr1") {
set $do_yaf "${do_yaf}1";
}
if ( $do_yaf = "11" ) {
set $backend "http://${ipipa}/ipnono";
}
set $do_yaf 0;
proxy_pass $backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filenUHy3gSX 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) {
set $static_filenUHy3gSX 1;
expires 1m;
}
if ( $static_filenUHy3gSX = 0 ) {
add_header Cache-Control no-cache;
}
}
location ^~ /archives/scn- {
set $backend "http://${ipipa}/$uri";
set $do_yaf 0;
if ($geoip2_data_country_code = CN) {
set $do_yaf 1;
}
if ( $do_yaf = 1 ) {
set $backend "http://${ipipa}/ipnono";
}
set $do_yaf 0;
proxy_pass $backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_http_version 1.1;
# proxy_hide_header Upgrade;
add_header X-Cache $upstream_cache_status;
#Set Nginx Cache
set $static_filenUHy3gSX 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" ) {
set $static_filenUHy3gSX 1;
expires 1m;
}
if ( $static_filenUHy3gSX = 0 ) {
add_header Cache-Control no-cache;
}
}
}
#PROXY-END/
版权声明:
本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自
ThinkIN!
喜欢就支持一下吧
打赏
微信
支付宝