SoFunction
Updated on 2025-05-15

Detailed explanation of Nginx's URL rewrite and IP access control

1. URL rewrite (Rewrite)

1. What is URL rewriting

URLRewrite refers to the requested userURLConvert to anotherURLThe process. This is very useful in many scenarios, such as:

  • Put the old oneURLRedirect to newURL
  • BeautifyURL, make it more friendly.
  • Implement dynamicsURLTo staticURLConversion.

2. Rewrite command

NginxProvidedrewriteInstructions to implementURLRewrite. Its basic syntax is as follows:

rewrite regex replacement [flag];
  • regex: Regular expression, used to match the requested URL.
  • replacement: ReplacedURL
  • flag: Optional parameter to control the behavior of rewrites.

3. Example, URL replacement

Suppose we have an old oneURL /, now want to redirect it to the new oneURL /, can be found inNginxAdd the following configuration to the configuration file:

server {
    listen 80;
    server_name ;

    location / {
        rewrite ^/$ / permanent;
    }
}
  • ^/$: Match/
  • /: Replace with newURL
  • permanent: Return 301 permanent redirect status code.

4. Example, beautify URL

Suppose we have a dynamicURL /?id=123, now I want to beautify it into/product/123, can be configured like this:

server {
    listen 80;
    server_name ;

    location /product {
        rewrite ^/product/(\d+)$ /?id=$1 last;
    }
}
  • ^/product/(\d+)$: Match/product/123SuchURL, and capture 123 as$1
  • /?id=$1: Will be captured$1Passed as a parameter to
  • last: Stop processing the current rewrite rule and continue to match otherlocationpiece.

2. IP access control

1. What is IP access control

IPAccess control refers to the client-basedIP addressto restrict or allow access to certain resources. This is very useful in many scenarios, such as:

  • Limit someIPAccess sensitive resources.
  • Allow specificIPAccess the management backend.

2. IP access control command

NginxProvidedallowanddenyInstructions to implementIPAccess control. Their basic syntax is as follows:

allow IPAddress or network segment;
deny IPAddress or network segment;

3. Example: Restricting specific IP access

Suppose we want to limit onlyIP locationAddress:192.168.1.100The client can access/adminDirectory, otherIP addressAll access is denied, so you can configure it like this

server {
    listen 80;
    server_name ;

    location /admin {
        allow 192.168.1.100;
        deny all;
    }
}
  • allow 192.168.1.100:allowIP addressfor192.168.1.100client access.
  • deny all: Reject all otherIP addressvisit.

4. Example: Allow access to specific network segments

Suppose we want to allowIP network segmentfor192.168.1.0/24Client access/internal directory,otherIP addressAccess is denied, so you can configure it like this:

server {
    listen 80;
    server_name ;

    location /internal {
        allow 192.168.1.0/24;
        deny all;
    }
}
  • allow 192.168.1.0/24:allowIP network segmentfor192.168.1.0/24client access.
  • deny all: Reject all otherIP addressvisit.

3. Basic Authentication

1. What is basic certification

Basic authentication is a simple authentication mechanism that requires users to provide a username and password to access protected resources. Although the security of basic authentication is not as good as other advanced authentication mechanisms (such asOAuth), but it is still very useful in some scenarios.

2. Basic authentication in Nginx

NginxProvidedauth_basicandauth_basic_user_fileInstructions to implement basic authentication. Their basic syntax is as follows:

auth_basic "Prompt message";
auth_basic_user_file Password file path;

3. Example: Protect Directory

Suppose we want to protect/secret directory, the user is required to enter a username and password to access. You can configure it like this:

server {
    listen 80;
    server_name ;

    location /secret {
        auth_basic "Restricted Area";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
  • auth_basic "Restricted Area": Set the prompt message to “Restricted Area”。
  • auth_basic_user_file /etc/nginx/.htpasswd: Specify the password file path as/etc/nginx/.htpasswd

How to create .htpasswd file:

Nginxuse.htpasswd fileTo store username and password. Can be usedhtpasswdTools to create and update this file.

htpasswd -c /etc/nginx/.htpasswd username
  • -c: Create a new password file (overrides if the file already exists).
  • /etc/nginx/.htpasswd: Password file path.
  • username:username.

After executing the command, the system will prompt you to enter your password. After entering the password,.htpasswd fileWill be generated.

Add multiple users:

If you want to add multiple users, you can usehtpasswdCommand-bOptions:

htpasswd -b /etc/nginx/.htpasswd user1 password1
htpasswd -b /etc/nginx/.htpasswd user2 password2
  • -b: Specify the password directly in the command line.

4. Summary

You've mastered itNginxThree important functions in:URL rewriteIP Access Controland basic certification. These features can help you better manage and protect yourWeb Services. Hope these examples and explanations can help you better understand and use themNginx

The above is the detailed explanation of Nginx's URL rewriting and IP access control. For more information about Nginx's URL rewriting and IP access control, please follow my other related articles!