企业nginx配置高级URL白名单
#跳转旧站rewrite start
set $key '';
if ($http_user_agent !~* ".*(baiduspider|Baiduspider|Sogou web spider|YisouSpider).*") {
set $key '${key}s';
}
if ($query_string ~* "(action|viewnews).*") {
set $key '${key}o';
}
if ($key ~ "s"){
rewrite ^/(attachments/.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(iask/index.php)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(livecast/)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(m.php.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(viewactivity.php.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(show.php.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(tosciencemagazine.php.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(batch.download.php.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(action.*)$ http://www3.cdstm.cn/$1 permanent;
rewrite ^/(viewnews.*)$ http://www3.cdstm.cn/$1 permanent;
}
if ($key ~ "so"){
rewrite ^/(.*)$ http://www3.cdstm.cn/ permanent;
}
#跳转旧站rewrite end
set $keyword 'NO';
if ($query_string ~* "from") {
set $keyword PASS;
}
if ($query_string ~* ".*(hmsr|hmpl|hmcu|hmkw|hmci).*") {
set $keyword PASS;
}
#淘新闻白名单
if ($request_uri ~* ".*taonews.html") {
set $keyword PASS;
}
if ($query_string = ""){
set $keyword PASS;
}
if ($request_uri ~* "^/xnmy/") {
set $keyword PASS;
}
if ( $request_uri ~* "^/(museum/zphc|search|qwjs|subjects|frontier|activity|data/original)/.*") { set $keyword PASS;}
if ( $request_uri ~* "^/(index_third_login_986).*") { set $keyword PASS;}
if ( $query_string ~ "^loginFailed=1$") { set $keyword PASS;}
if ( $query_string ~ "^open_source=weibo_search$") { set $keyword PASS;}
if ( $query_string ~ "_wdxid") { set $keyword PASS;}
if ( $query_string ~ "^tdsourcetag=s_pctim_aiomsg$") { set $keyword PASS;}
if ( $query_string ~ "^tdsourcetag=s_pcqq_aiomsg$") { set $keyword PASS;}
if ($keyword = NO){
return 404;
}
======================
set $keyword 'PASS';
set $flag '';
if ($request_uri ~* "^(/zgkjg/ids/sendSMS.do)") {
set $keyword NO;
}
if ($keyword = NO){
return 403;
}
如果是NO则访问404.如果符合则PASS放行。
========================
需求,只允许111.202.138.0/24,111.205.30.0/24,/60.247.10.0/24访问,并且允许从https://www.cdstm.cn/等网站嵌套的方式访问,或者跳转。
set $keyword 'NO';
if ($remote_addr ~ "(111.202.138.[1-254]|111.205.30.[1-254]|60.247.10.[1-254])") {
set $keyword PASS;
}
if ($http_referer ~* "(^https://b1museum.cdstm.cn/|^https://www.cdstm.cn/|^https://amuseum.cdstm.cn/|https://www2.cdstm.cn/|https://b2museum.cdstm.cn/)") {
set $keyword PASS;
}
if ($keyword = NO){
return 404;
}
~
==========if ($remote_addr ~ "(^111.202.138.|^111.205.30.|^60.247.10.)") {
========= set $keyword PASS;
========== }
或者上面这样也行哈,以开头的方式。
============
set $keyword 'NO';
set $flag '';
if ($request_uri ~* "^(/crossdomain.xml|/mas/js/|/mas/css/|/mas/swf/|/mas/swf/videoplayer/TRSVideoPlayer.swf)") {
set $keyword PASS;
}
if ($request_uri ~* "^/mas/front/video/main.do"){
set $flag 'O';
}
if ($query_string ~* "method=exPlay"){
set $flag '${flag}K';
}
if ($query_string ~* "method=prePlay"){
set $flag "${flag}K";
}
if ($remote_addr ~ "(192.168.10.5|192.168.30.14|192.168.31.12|180.76.184.38|111.202.138|60.247.10|111.205.30|1.180.206|218.240.152|123.125.2)") {
set $keyword PASS;
}
if ($flag ~* "OK"){
set $keyword PASS;
}
if ($keyword = NO){
return 404;
}
有问题请加博主微信进行沟通!
全部评论