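We know that nginx can block a single IP address or an IP range from accessing a site.
It is simple: just add
`deny ip` to the nginx configuration.
But if the site sits behind a CDN, doing this not only fails to block the intended IPs, it may also hit legitimate visitors,
because the address nginx sees at that point is the IP of the CDN node.
What we actually want is to block the malicious visitor's real IP. How do we do that?
First, add the following to `nginx.conf`: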
```
http {
include mime.types;
default_type application/octet-stream;
log_format main '"$http_x_forwarded_for" "$clientRealIp" - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" cdn节点ip->$remote_addr ';
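# Derive the client IP from X-Forwarded-For; fall back to $remote_addr when the header is empty.
map $http_x_forwarded_for $clientRealIp {
"" $remote_addr;
# The pattern line is truncated on the page after "~^(?P"; the form below is a
# reconstruction that assumes the first X-Forwarded-For address is wanted.
~^(?P<firstAddr>[0-9\.]+),?.*$ $firstAddr;
}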
```
Then create a new file:
```
[root@iZbp1fna7ky0qz2jbj7gfpZ conf]# pwd
/usr/local/nginx/conf
[root@iZbp1fna7ky0qz2jbj7gfpZ conf]# cat deny_ip.conf
if ($clientRealIp ~* "117.143.124.115|222.66.149.90|121.42.0.19") {
return 403;
break;
}
```
Then add the following to `www.yuanchengzhushou.cn.conf`:
```
include deny_ip.conf;
```
Then test the configuration and reload nginx:
```
nginx -t
nginx -s reload
```
Check the result:
```
"117.143.124.115" "117.143.124.115" - - [20/Apr/2021:23:27:21 +0800] "GET /article/7936.html HTTP/1.1" 403 570 "https://www.yuanchengzhushou.cn/article/7900.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36" cdn节点ip->59.36.119.251
```
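
A stricter variant of the same block list, as an added example that is not from the original post: the `map` above trusts the first `X-Forwarded-For` entry, which the client can set itself when the CDN appends to the header, and the unanchored pattern in `deny_ip.conf` also matches longer addresses such as `121.42.0.190`. It assumes nginx is built with `ngx_http_realip_module` (`--with-http_realip_module` on a source build); the `set_real_ip_from` ranges, `listen` port and `server_name` are placeholders.

```nginx
http {
    # Trust X-Forwarded-For only when the TCP peer is a CDN node.
    # Placeholder ranges (RFC 5737 documentation networks): replace them
    # with the address list published by your CDN provider.
    set_real_ip_from  192.0.2.0/24;
    set_real_ip_from  198.51.100.0/24;

    # Rewrite $remote_addr from the header for trusted peers only.
    real_ip_header    X-Forwarded-For;
    # Walk the header from the right and stop at the first address that
    # is not a trusted proxy, so entries prepended by the client are ignored.
    real_ip_recursive on;

    # $remote_addr is now the resolved client address;
    # $realip_remote_addr keeps the original peer (the CDN node).
    log_format main '"$http_x_forwarded_for" "$remote_addr" - $remote_user '
                    '[$time_local] "$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    'cdn_node=$realip_remote_addr';

    server {
        listen      80;                        # assumed
        server_name www.yuanchengzhushou.cn;   # assumed from the conf file name

        # Exact-address matching: no regex, so 121.42.0.19 does not
        # also block 121.42.0.190 or 1121.42.0.19.
        deny  117.143.124.115;
        deny  222.66.149.90;
        deny  121.42.0.19;
        allow all;
    }
}
```

Requests that reach nginx directly, without passing through a listed CDN range, keep their own peer address as `$remote_addr`, so a forged `X-Forwarded-For` header has no effect on the `deny` rules.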