Requirements
- Deny all ips.
- Allow specific ips ( public ip )
Prepare
0. Check your nginx
nginx -V1. If not Install or reinstall nginx with
--with-http_realip_module2. modified nginx.conf
http {
server {
(snip)
set_real_ip_from {from ip}; # IP range
real_ip_header X-Forwarded-For;
}
}
3. implement deny, allow ( server, or location )
server {
(snip)
deny all;
allow xxx.xxx.000.000/16
allow xxx.000.000.000/8
}
4. nginx restart or reload
Question
- what is {from ip}
if you using lb, or something proxy. you need to know that env internal ip.
- If using cdn.
- https://medium.com/@pahud/get-real-ip-coming-via-aws-cloudfront-and-elb-to-nginx-d418e5070976
[HOWTO] Get real IP coming via AWS CloudFront and ELB to nginx
Background
medium.com
- akami : You need turn on option in akmai console. and change real_ip
반응형
'Computer > Server' 카테고리의 다른 글
| summary of async, webflux (0) | 2022.08.04 |
|---|---|
| Webflux exchange 와 retrieve 의 차이 (0) | 2021.03.25 |
| [.htaccess] info/privacy 를 info/privacy.php 로 자동 연결해주기. (0) | 2017.03.09 |
| [socket.io] node.js 를 이용해서 소켓서버 구성시 알게 된것들. (0) | 2017.02.09 |
| 읽어보기 (0) | 2017.02.01 |
