介绍:前面已经介绍了ATS的安装和PAC文件的写法格式,现在把nginx端口转发、PAC file访问控制和ATS代理结合起来,以达到分别控制不同机器访问不同URL权限的目的。

效果如下

一、使用nginx端口转发

在机器192.168.43.85使用yum安装nginx

1.1 配置upstream

[root@localhost ~]# vim /etc/nginx/nginx.conf

# Main nginx.conf from the page: an http{} context for ordinary HTTP serving and a
# stream{} context that does the TCP port forwarding towards the proxy.
# NOTE(review): several directives have lost their numeric argument in this copy
# (for example "worker_connections ;"), and some lines are fused together. The
# original values must be restored before `nginx -t` will accept the file.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections ;
} http {
# The "main" format logs $http_x_forwarded_for, which is a client-supplied request
# header; treat that field as untrusted when reading the access log.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout ;
types_hash_max_size ; include /etc/nginx/mime.types;
default_type application/octet-stream;
# Per-site HTTP server blocks are loaded from this directory.
include /etc/nginx/conf.d/ngx_http/http.conf.*;
} stream {
# Module ngx_stream_core_module
preread_buffer_size 128k; # Keep default value.
preread_timeout 180s;
proxy_protocol_timeout 180s;
tcp_nodelay on; # Enables the use of the TCP_NODELAY option.
variables_hash_bucket_size ; # Keep default value.
variables_hash_max_size ; # Keep default value. # Module ngx_stream_log_module
# Per-session log line for forwarded connections: client address, protocol, status,
# byte counts, session time and the upstream that was used.
log_format stream '[$time_iso8601] '
'$remote_addr '
'$protocol '
'"Status-Code: $status" '
'"Bytes-Sent: $bytes_sent" '
'"Bytes-Reveived: $bytes_received" '
'"Session-Time: $session_time" '
'"Upstream-Addr: $upstream_addr" '
'"Upstream-Bytes-Sent: $upstream_bytes_sent" '
'"Upstream-Bytes-Received: $upstream_bytes_received" '
'"Upstream-Connect-Time: $upstream_connect_time"';
access_log /var/log/nginx/stream.acc stream;
error_log /var/log/nginx/stream.err;
open_log_file_cache max=; # Module ngx_stream_proxy_module
proxy_buffer_size 128k; # Keep default value.
proxy_connect_timeout 180s;
proxy_download_rate ; # Keep default value.
proxy_next_upstream on; # Keep default value.
proxy_next_upstream_timeout ; # Keep default value.
proxy_next_upstream_tries ; # Keep default value.
proxy_protocol off; # Enables the PROXY protocol for connections to a proxied server.
proxy_timeout 180s;
# NOTE(review): in this copy the include of /etc/nginx/include/stream.upstream sits
# after a '#' on the next line, so as written it is only a comment. It has to be on
# a line of its own for the upstream definitions to be loaded.
proxy_upload_rate ; # Keep default value. # Module ngx_stream_upstream_module include /etc/nginx/include/stream.upstream; # path of the upstream definitions
include /etc/nginx/conf.d/ngx_stream/Proxy/stream.conf.*; # per-listener stream server configs (where access to the upstream is restricted)
# NOTE(review): the closing brace of stream{} is not shown in this listing.

1.2 配置转发

[root@localhost ~]# vim /etc/nginx/conf.d/ngx_stream/Proxy/stream.conf.proxy10001

# stream{} server that accepts client TCP connections and forwards them to the
# "proxy10001" upstream group.
server {
# NOTE(review): the allow/deny include below is commented out, so as shown this
# listener applies no client IP restriction of its own. Restricting who may download
# the PAC file does not restrict who may connect here; enabling allow/deny rules
# (ngx_stream_access_module) on this server is what limits use of the forwarder.
# include conf.d/ngx_stream/Proxy/include/http.ipallow.; # Module ngx_stream_core_module
# NOTE(review): the port value is missing in this copy. The original comment says
# port 80, while the netstat check later on the page greps for 8000; confirm.
listen ; # listen on port 80 (per the original comment) # Module ngx_stream_log_module
access_log /var/log/nginx/stream.proxy..acc stream;
error_log /var/log/nginx/stream.proxy..err; # Module ngx_stream_proxy_module
proxy_pass proxy10001; # forward the connection to the upstream group
}

1.3 配置upstream的文件

[root@localhost ~]# vim /etc/nginx/include/stream.upstream

# Module ngx_stream_upstream_module
# Upstream group referenced by "proxy_pass proxy10001" in the stream server; it
# holds a single backend.
# NOTE(review): the backend port after the colon is missing in this copy.
upstream proxy10001 {
server 45.77.246.61:;
}

1.4 重启nginx

[root@localhost ~]# nginx -s reload

[root@localhost ~]# netstat -ntlp |grep 8000

tcp               0.0.0.0:            0.0.0.0:*               LISTEN      /nginx: master 

关闭防火墙和SELinux(仅限测试环境;生产环境建议保持两者开启,只放行nginx监听的端口)

1.5 客户端配置查看

查看IP

二 结合pacfile

写一个PAC file,可以使用http下载

2.1 把PAC file 放在nginx的一个访问目录下

[root@localhost html]# pwd

/usr/share/nginx/html

[root@localhost html]# ll

-rw-r--r--.  root root  Jun   : proxy10001.pac

2.2 配置文件

# HTTP server that publishes the PAC file: every file under /usr/share/nginx/html
# is served from "location /".
# NOTE(review): at this step no allow/deny rule is present, so any client that can
# reach the listener can download the PAC file. The listen port, the charset suffix
# and the expires value are missing in this copy.
server {
# Module ngx_http_core_module
listen ;
# Module ngx_http_charset_module
charset utf-; # Module ngx_http_log_module
access_log /var/log/nginx/ngx_http/http.pacfiles.acc main;
error_log /var/log/nginx/ngx_http/http.pacfiles.err; location / {
expires ;
root /usr/share/nginx/html;
}
}

2.3 检测脚本

[root@localhost ~]# vim /etc/nginx/nginx.conf

查看

使用nginx的访问控制,控制pac文件可以被哪些IP访问

2.4 从80口控制

[root@localhost ~]# vim /etc/nginx/conf.d/ngx_http/http.conf.pacfiles

# HTTP server for the PAC file, now with IP-based access control pulled in from an
# include file.
# NOTE(review): these rules only govern who can download the PAC file from this
# server. They do not restrict connections to the stream forwarder configured in
# section 1.2; a client that already knows the proxy address is unaffected by them.
server {
# Core functionality
# NOTE(review): the file-name suffix is missing in this copy; presumably
# http.ipallow.10001, the file the page edits next. Confirm.
include conf.d/ngx_http/include/http.ipallow.; # added: pulls in the allow/deny rules
# Module ngx_http_core_module
listen ;
# Module ngx_http_charset_module
charset utf-; # Module ngx_http_log_module
access_log /var/log/nginx/ngx_http/http.pacfiles.acc main;
error_log /var/log/nginx/ngx_http/http.pacfiles.err; location / {
expires ;
root /usr/share/nginx/html;
}
}

[root@localhost ~]# vim /etc/nginx/conf.d/ngx_http/include/http.ipallow.10001

# Access rules for the PAC file server. With the allow line commented out, the only
# active rule is "deny all", so every client is refused.
#allow 192.168.43.0/24;   # allow rule disabled: the local subnet is denied
deny all;

查看IP

pacfile没有生效

[root@localhost ~]# vim /etc/nginx/conf.d/ngx_http/include/http.ipallow.10001

# Access rules for the PAC file server. Rules are checked in order until the first
# match: clients in 192.168.43.0/24 are admitted, everyone else is refused.
allow 192.168.43.0/24;   # allow the local subnet
deny all;

但是,由于浏览器有缓存,每次禁止访问后,客户端依然可以访问到代理

2.5 禁止浏览器缓存

配置

[root@localhost ~]# vim /etc/nginx/nginx.conf

# nginx.conf (http part) with response headers added so that browsers do not cache
# the PAC file and a changed allow/deny rule takes effect on the next fetch.
# NOTE(review): several numeric arguments are missing in this copy (for example
# "worker_connections ;") and must be restored before the file is valid.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections ;
} http {
# The "main" format logs $http_x_forwarded_for, which is a client-supplied request
# header; treat that field as untrusted when reading the access log.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout ;
types_hash_max_size ;
# NOTE(review): the two directives below send two separate Cache-Control header
# fields. A single `add_header Cache-Control "no-store";` expresses the same intent.
# add_header set at http{} level is inherited by a server or location only when that
# level defines no add_header of its own. The "expires" directive in the PAC server's
# location also sets cache headers; its value is missing in this copy, so check that
# it does not contradict no-store.
add_header Cache-Control no-store; # disable caching
add_header Cache-Control no-cache; # disable caching
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/ngx_http/http.conf.*;
}

则每次更改权限后,不会有缓存,可立即生效!
