geoip

geoip

关注
发信
关注(28)粉丝(399)

只允许某些国家的流量访问特定页面

本文介绍了只允许某些国家的流量访问特定页面的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用 --with-http_geoip_module 来识别流量.有些页面我只希望某些国家/地区访问.这是配置:

I am using --with-http_geoip_module for identify traffic. There are some pages that I only want certain country to access. Here is configuration:

对于http

 http{
    geoip_country  /usr/share/GeoIP/GeoIP.dat; # the country IP database
    map $geoip_country_code $allowed_country {
            default 0;
            US 1;
            UK 1;
            HK 1;

     }

  }

location 指令:

location = /testing {
            if ($allowed_country = 0) {

                    return 301 ;
              }
    }

问题是当我使用 US/HK IP 时,我收到 404 错误.我做错了什么?

The problem is when I using US/HK IPs, I get a 404 error. What did I done wrong?

更新

这是我完整的conf文件:

http {
include       /etc/nginx/mime.types;
default_type  application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

access_log  /var/log/nginx/access.log  main;

geoip_country  /usr/share/GeoIP/GeoIP.dat; # the country IP database

map $geoip_country_code $allowed_country {
        default 0;
        US 1;
        UK 1;
        HK 1;

 }
sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

index   index.html index.htm;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
    listen       80 default_server;
    server_name  localhost;
    root         /var/www/html;

    include /etc/nginx/default.d/*.conf;

    location / {
        index index.php index.cgi index.pl index.html index.xhtml index.htm index.shtml;
        try_files $uri $uri/ /index.php?$args;
    }

    # redirect server error pages to the static page /40x.html
    #
    error_page  404              /404.html;
    location = /40x.html {
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }

    #ban specifc country
    location = /testing {
        if ($allowed_country = 0) {

                return 301 ;
          }
     }


    location ~ \.php$ {
        ### SET GEOIP Variables ###
        fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
        fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
        fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;

        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
        return 404;

        }
            try_files $uri $uri/ /index.php?$args;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
            fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi.conf;
            include conf/site.conf;
    }

}
 }

基本上我只希望来自 USUKHK 的访问者访问 /testing 页面.

Basically I want only visitor from US, UK and HK access /testing page.

推荐答案

让我们从头开始吧.由于您没有说明您的操作系统是什么,以下所有步骤将分别针对 Debian/Ubuntu 和 CentOS/Fedora/RHEL.

Let's do it from beginning. As you didn't said what is your OS, all steps below will be separated for both Debian/Ubuntu and CentOS/Fedora/RHEL.

首先,通过终端/控制台(在 Linux 中 - ssh username@server_ip)或 Putty(在 Windows 中)连接到您的服务器.

First of all, connect to your server by terminal/console (in linux - ssh username@server_ip) or Putty (in windows).

因为你已经安装了 NGINX,检查它是否是用 HttpGeoipModule 编译的:

As you have already installed NGINX check if it is compiled with the HttpGeoipModule:

CentOS/Fedora/RHEL 和 Debian/Ubuntu:

 nginx -V

然后尝试查找--with-http_geoip_module.如果存在,则可以继续,否则表示您尚未使用 GeoIP 模块 编译 NGINX.

And then try to find --with-http_geoip_module. If it exists then you can continue, else it means you have't compiled NGINX with GeoIP Module.

Debian/Ubuntu:

sudo apt-get install geoip-database libgeoip1

CentOS/Fedora/RHEL:

它在 EPEL 存储库中,因此您应该先启用它:

It is in EPEL repository, so you should enable it first:

CENTOS 4:

32 位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm

64 位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm

CENTOS 5:

32 位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

64 位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

CENTOS 6:

32 位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

64 位:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

CENTOS 7:

64 位:

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

那么:

yum install geoip geoip-devel -y

4.更新 GeoIP 数据库

安装 GeoIP 模块后,数据库将存储在 /usr/share/GeoIP/GeoIP.dat 但它可能已过时.所以,让我们更新:

4. Update GeoIP Database

After installing GeoIP Module, the database will be stored in /usr/share/GeoIP/GeoIP.dat but it could be outdated. So, let's update:

mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bk

cd /usr/share/GeoIP/

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

gunzip GeoIP.dat.gz

或者,您也可以从 http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz 手动下载数据库,在您的计算机上提取并在 /usr/share/GeoIP/ 上传为 GeoIP.dat.如果你想在这里制作,不要忘记备份旧的 GeoIP.dat.

Or, alternatively, you can download manually the database from http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz, extract on you computer and upload in /usr/share/GeoIP/ as GeoIP.dat. Don't forget to make a backup of old GeoIP.dat if you want to make as here.

打开 /etc/nginx/nginx.conf (Ubuntu/Debian) 或 /etc/nginx/conf/nginx.conf (CentOS/Fedora/RHEL) 和把它放在 http {} 中,在任何 include 之前:

Open /etc/nginx/nginx.conf (Ubuntu/Debian) or /etc/nginx/conf/nginx.conf (CentOS/Fedora/RHEL) and place this inside http {}, before any include:

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default no;
    US yes;
    UK yes;
    HK yes;
}

这不会阻止国家/地区.我们只设置了 $allowed_country.

This doesn't block countries. We only set $allowed_country.

现在,请打开您的 virtualhost 进行配置 (/etc/nginx/conf.d/YOURDOMAINHERE.conf) - 将其放在 server {}:

Now, please open your virtualhost to configure (/etc/nginx/conf.d/YOURDOMAINHERE.conf) - place this inside server {}:

location /testing/ {
    if ($allowed_country = no) {
        return 403;
    }
}

/testing/ 是您可以从美国、英国和香港访问的网站路径.

/testing/ is your website path which is accessible from US, UK and HK.

/etc/init.d/nginx reload

它已在 CentOS 和 Debian VPS 上进行了测试,并且可以正常工作.

希望对您有所帮助.

这篇关于只允许某些国家的流量访问特定页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

06-05 16:01
Powered by LMLPHP ©2024 geoip 0.032914