即使我从允许的IP连接,下面的代码抛出一个403
location /railo-context/admin { allow 1.2.3.4 #my ip deny all; } 这是整个文件:
server { listen 8080; server_name $hostname; # root should be out of location blocks according to Nginx best practices root /opt/railo/tomcat/webapps/$host; # index files index index.htm index.html index.cfm index.cfml; location / { try_files $uri @rewrite; } # This block will catch static file requests, such as images, css, js # The ?: prefix is a 'non-capturing' mark, meaning we do not require # the pattern to be captured into $1 which should help improve performance location ~* \.(?:ico|css|js|gif|jpe?g|png|bmp|html|htm)$ { # Some basic cache-control for static files to be sent to the browser expires max; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; } location /railo-context/admin { # include the external ip of the server or any other fixed ip # in order to prevent access to Railo Admin by others allow 1.2.3.4; deny all; # include all proxy related settings from the proxy_params file include proxy_params; } location @rewrite { rewrite ^ /rewrite.cfm/$request_uri break; #include all proxy related settings from the proxy_params file include proxy_params; } # this prevents any aspx,php,jsp,cgi or perl files from being served location ~ \.(aspx|php|jsp|pl|cgi|perl|prl)$ { return 410; } # this prevents hidden files (beginning with a period) from being served location ~ /\. { access_log off; log_not_found off; deny all; } }
有什么确切的意图是有点不清楚,但尽可能的我最好的解释: allow 1.2.3.4 #my ip allow 1.2.3.4; #my ip allow 1.2.3.4; #my ip因为它缺less分号。
也,
location /railo-context/admin {
至
location /railo-context/admin/ {
这样它匹配的文件夹,并在它下面。