堆栈内存溢出
  简体   繁体   English

如何在nginx / django / python中拒绝对root的访问但允许子目录访问?

[英]How to deny access to root but allow subdirectory access in nginx / django / python?

 原文  2018-12-14 20:16:54       python/ django/ nginx

问题描述

My current nginx config looks like this: 我当前的nginx配置看起来像这样: 

server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    ssl_certificate "PEM";
    ssl_certificate_key "PEM";
    # It is *strongly* recommended to generate unique DH parameters
    # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
    #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://127.0.0.1:80;
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

# configuration of the server
server {
    # the port your site will be served on
    listen      80;
    # the domain name it will serve for
    server_name SERVER;
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;   # adjust to taste

    # Finally, send all non-media requests to the Django server.
    location / {
        uwsgi_pass  django;
        include     /etc/nginx/uwsgi_params; 
        rewrite ^(/[^/]+)/frontend/$ $1/ last;
    }
}
]

I want to disallow access to root and allow access to subdirectory /dir1/. 我想禁止访问root并允许访问子目录/ dir1 /。 However, doing something like this doesn't work, because I get a duplicate location "/" issue (because of the way my https is set up). 但是,这样做是行不通的,因为我遇到了重复的位置“ /”问题(由于https的设置方式)。 Any suggestions? 有什么建议么? 

location ^~ /dir1/ {
    allow all;
}

location ^~ / { 
    deny all; 
}

1 个解决方案

解决方案1
 3  2018-12-14 20:24:29

You can try to define location with exact match (such locations takes priority over any other locations): 您可以尝试定义完全匹配的位置(此类位置优先于其他任何位置): 

location = / {
    deny all;
}

Note that this will not protect requests to any files at your root directory. 请注意,这不会保护对根目录中任何文件的请求。 To protect these files too, you can do something like 为了保护这些文件,您可以执行以下操作 

location ~^/[^/]+$ {
    deny all;
}

but this can interfere with your django routes. 但这会干扰您的Django路线。

In that case you can rewrite any root-level request your_domain/path to your_domain/path/ with this rewrite rule: 在这种情况下,您可以使用以下重写规则将任何根级别的请求your_domain/path重写为your_domain/path/ 

rewrite ^(/[^/]+)$ $1/ last;

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用Django在Nginx中将子目录作为根服务? - How to serve subdirectory as root in nginx using django? 如何访问 python 的子目录中的文件? - How to access files in a subdirectory in python? 如何在没有root访问权限的情况下部署nginx? - How to deploy nginx without root access? 如何从Python中的子目录访问模块 - How to access module from subdirectory in Python 如何使用Python授权/拒绝对Windows上的目录的写访问? - How to authorize/deny write access to a directory on Windows using Python? Django LoginRequired mixin始终拒绝访问 - Django LoginRequired mixin always deny access 拒绝使用Django频道访问未经身份验证的用户 - Deny access to unauthenticated users with django channels 如何从Django项目的根目录访问文件 - how to access a file from root of django project 如何使用Django在Nginx中设置子目录 - How do I set subdirectory in nginx with Django 如何从测试访问子目录 - How To Access Subdirectory from Tests
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM