Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_access_module.xml @ 3099:9cfda14d0109 default tip
freenginx-1.27.4
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 03 Sep 2024 13:15:18 +0300 |
parents | 9eadb98ec770 |
children |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Igor Sysoev Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_access_module" link="/en/docs/http/ngx_http_access_module.html" lang="en" rev="5"> <section id="summary"> <para> The <literal>ngx_http_access_module</literal> module allows limiting access to certain client addresses. </para> <para> Access can also be limited by <link doc="ngx_http_auth_basic_module.xml">password</link> or by the <link doc="ngx_http_auth_request_module.xml">result of subrequest</link>. Simultaneous limitation of access by address and by password is controlled by the <link doc="ngx_http_core_module.xml" id="satisfy"/> directive. </para> </section> <section id="example" name="Example Configuration"> <para> <example> location / { deny 192.168.1.1; allow 192.168.1.0/24; allow 10.1.1.0/16; allow 2001:0db8::/32; deny all; } </example> </para> <para> The rules are checked in sequence until the first match is found. In this example, access is allowed only for IPv4 networks <literal>10.1.1.0/16</literal> and <literal>192.168.1.0/24</literal> excluding the address <literal>192.168.1.1</literal>, and for IPv6 network <literal>2001:0db8::/32</literal>. In case of a lot of rules, the use of the <link doc="ngx_http_geo_module.xml">ngx_http_geo_module</link> module variables is preferable. </para> </section> <section id="directives" name="Directives"> <directive name="allow"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>unix:</literal> | <literal>all</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Allows access for the specified network or address. If the special value <literal>unix:</literal> is specified (1.5.1), allows access for all UNIX-domain sockets. </para> </directive> <directive name="deny"> <syntax> <value>address</value> | <value>CIDR</value> | <literal>unix:</literal> | <literal>all</literal></syntax> <default/> <context>http</context> <context>server</context> <context>location</context> <context>limit_except</context> <para> Denies access for the specified network or address. If the special value <literal>unix:</literal> is specified (1.5.1), denies access for all UNIX-domain sockets. </para> </directive> </section> </module>