Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_access_module.xml @ 2846:fdf1464e1977
Moved banner to the external file to make partial rollout possible.
An idea is to have several banners and show them with different probability
specified by split directive in the nginx.conf
author | Sergey Budnevitch <sb@waeme.net> |
---|---|
date | Tue, 10 May 2022 18:07:27 +0400 |
parents | a7974b8d2a23 |
children | 9eadb98ec770 |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_access_module" link="/en/docs/http/ngx_http_access_module.html" lang="en" rev="4"> <section id="summary"> <para> The <literal>ngx_http_access_module</literal> module allows limiting access to certain client addresses. </para> <para> Access can also be limited by <link doc="ngx_http_auth_basic_module.xml">password</link>, by the <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>, or by <link doc="ngx_http_auth_jwt_module.xml">JWT</link>. Simultaneous limitation of access by address and by password is controlled by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. </para> </section> <section id="example" name="Example Configuration"> <para> <example> location / { deny 192.168.1.1; allow 192.168.1.0/24; allow 10.1.1.0/16; allow 2001:0db8::/32; deny all; } </example> </para> <para> The rules are checked in sequence until the first match is found. In this example, access is allowed only for IPv4 networks <literal>10.1.1.0/16</literal> and <literal>192.168.1.0/24</literal> excluding the address <literal>192.168.1.1</literal>, and for IPv6 network <literal>2001:0db8::/32</literal>. In case of a lot of rules, the use of the <link doc="ngx_http_geo_module.xml">ngx_http_geo_module</link> module variables is preferable. </para> </section> <section id="directives" name="Directives"> <directive name="allow"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>unix:</literal> | <literal>all</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Allows access for the specified network or address. If the special value <literal>unix:</literal> is specified (1.5.1), allows access for all UNIX-domain sockets. </para> </directive> <directive name="deny"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>unix:</literal> | <literal>all</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Denies access for the specified network or address. If the special value <literal>unix:</literal> is specified (1.5.1), denies access for all UNIX-domain sockets. </para> </directive> </section> </module>