NGINX 筆記 - GeoIP 限制策略配置
nginx.conf
通過模塊 map 與 geopip 組合配置實現GeoIP區域限制,如以下示例:
- 組合
$http_host#$geoip_country_code作爲國家機構代碼 hash key; - 組合
$http_host#$geoip_city作爲城市代碼 hash key; - 開啓
hostnames匹配泛域名(可根據需要配置);
map $http_host#$geoip_country_code $site_country {
hostnames;
default 0;
www.kangzy.com# 1;
*.kangzy.com# 0;
*.kangzy.com#CN 1;
}
#
map $http_host#$geoip_city $site_city {
hostnames;
default 0;
www.kangzy.com# 0;
*.kangzy.com# 0;
*.kangzy.com#changsha 1;
}
第一個map配置塊:
- 對未匹配到任意國家的
www.kangzy.com設置爲1; - 對未匹配到任意國家的
*.kangzy.com設置爲0; - 匹配到國家
CN的*.kangzy.com設置爲1;
第二個map配置塊:
- 對未匹配到任意城市的
www.kangzy.com設置爲0; - 對未匹配到任意城市的
*.kangzy.com設置爲0; - 匹配到城市
CN的*.kangzy.com設置爲1;
map
map_hash_bucket_size 128;
map_hash_max_size 45948;
測試
# curl -v http://www.kangzy.com/ --resolve www.kangzy.com:80:A.B.C.E
會根據當前IP輸出以下信息:
# curl -v http://www.kangzy.com/ --resolve www.kangzy.com:80:A.B.C.E
* Added www.kangzy.com:80:A.B.C.E to DNS cache
* About to connect() to www.kangzy.com port 80 (#0)
* Trying A.B.C.E...
* Connected to www.kangzy.com (A.B.C.E) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_0 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A334 Safari/7534.48.3
> Host: www.kangzy.com
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Accept-Encoding: gzip, deflate, sdch, br
> Accept-Language: zh-CN,zh;q=0.8
> Connection: keep-alive
>
< HTTP/1.1 200 OK
< Server: rednetcloud/3.0.9
< Date: Fri, 23 Nov 2018 04:58:27 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
<
Host: www.kangzy.com Server: www.kangzy.com Country: CN City: Changsha Region: 11 Allow: 1 1
其中輸出內容中
Host: www.kangzy.com Server: www.kangzy.com Country: CN City: Changsha Region: 11 Allow: 1 1
分別輸出 $http_host $server_name $geoip_country_code $geoip_city $site_country $site_city.