nginx动态添加访问白名单的方法

  geo $remote_addr $ip_whitelist {  default 0;  include ip_white.conf;  }

  location / {    if ($ip_whitelist = 1) {     break;    }    return 403;   }

  location /addip {  content_by_lua '    CLIENT_IP = ngx.req.get_headers()["X_real_ip"]  if CLIENT_IP == nil then   CLIENT_IP = ngx.req.get_headers()["X_Forwarded_For"]  end  if CLIENT_IP == nil then   CLIENT_IP = ngx.var.remote_addr  end  if CLIENT_IP == nil then   CLIENT_IP = "unknown"  end   ngx.header.content_type = "text/html;charset=UTF-8";   ngx.say("你的IP : "..CLIENT_IP.."<br/>");   os.execute("/opt/ngx_add.sh "..CLIENT_IP.."")   ngx.say("添加白名单完成，有效时间最长为2小时");  ';  }    

  #!/bin/bash  ngx_conf=/usr/local/nginx/conf/52os.net/ip_white.conf  ngx_back=/usr/local/nginx/conf/52os.net/ip_white.conf.default  result=`cat $ngx_conf |grep $1`    case $1 in    rec)   rm -rf $ngx_conf    cp $ngx_back $ngx_conf    /usr/local/nginx/sbin/nginx -s reload   ;;    *)   if [ -z "$result" ]    then     echo "#####add by web #####" >>$ngx_conf     echo "$1 1;" >> $ngx_conf     /usr/local/nginx/sbin/nginx -s reload    else     exit 0    fi  ;;  esac    

  chown root.root /usr/local/nginx/sbin/nginx  chmod 4755 /usr/local/nginx/sbin/nginx

代码如下:

printf "52os.net:$(openssl passwd -crypt 123456)n" >>/usr/local/nginx/conf/pass

  location /addip {       auth_basic "nginx auto addIP for 52os.net";     auth_basic_user_file /usr/local/nginx/conf/pass;      autoindex on;    

代码如下:

cp /usr/local/nginx/conf/52os.net/ip_white.conf /usr/local/nginx/conf/52os.net/ip_white.conf.default

  1 */2 * * * root /opt/ngx_add.sh rec