1. The most common method (restriction in code)

1. How to limit IP

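function get_new_ip() {
    // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers supplied by the
    // client, so they are only meaningful behind a proxy that overwrites them.
    if (getenv('HTTP_CLIENT_IP')) {
        $onlineip = getenv('HTTP_CLIENT_IP');
    } elseif (getenv('HTTP_X_FORWARDED_FOR')) {
        $onlineip = getenv('HTTP_X_FORWARDED_FOR');
    } elseif (getenv('REMOTE_ADDR')) {
        $onlineip = getenv('REMOTE_ADDR');
    } else {
        // $HTTP_SERVER_VARS no longer exists in current PHP; use $_SERVER
        $onlineip = $_SERVER['REMOTE_ADDR'];
    }
    return $onlineip;
}
 
$onlineip = get_new_ip();
$wip = ['127.0.0.1']; // allowlist of permitted client addresses
 
// Anything not on the allowlist gets a 404, so the page does not reveal that it exists
if (!in_array($onlineip, $wip)) {
    header("HTTP/1.1 404 Not Found");
    header("Status: 404 Not Found");
    exit;
}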
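A hardened variant of the IP check above, as an added example that is not part of the original article. The names `TRUSTED_PROXIES`, `ALLOWED_CLIENTS`, `resolve_client_ip` and `is_allowed` are hypothetical and the addresses are constructed. It assumes the reverse proxy appends the peer address to `X-Forwarded-For` (in nginx, `$proxy_add_x_forwarded_for`).

```php
<?php
// Added example, not the article's code. Names and addresses are constructed.
const TRUSTED_PROXIES = ['10.0.0.5'];                 // assumption: your reverse proxy
const ALLOWED_CLIENTS = ['127.0.0.1', '203.0.113.7']; // the allowlist ($wip above)

// REMOTE_ADDR is the TCP peer and cannot be set by a request header.
// X-Forwarded-For is honoured only when that peer is a trusted proxy, and is
// read right to left: the proxy appends on the right, so anything a client
// supplied sits to the left of the address our proxy appended.
function resolve_client_ip(array $server, array $trustedProxies): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: ignore forwarding headers
    }
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return null; // malformed chain: fail closed
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // the peer our outermost proxy actually saw
        }
    }
    return $peer; // every hop was one of our proxies
}

function is_allowed(array $server): bool
{
    $ip = resolve_client_ip($server, TRUSTED_PROXIES);
    return $ip !== null && in_array($ip, ALLOWED_CLIENTS, true);
}

// Constructed sample requests.
$samples = [
    'direct, header set by client' => ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1'],
    'via proxy, header prepended'  => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '127.0.0.1, 198.51.100.9'],
    'via proxy, allowed client'    => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
];
foreach ($samples as $label => $server) {
    printf("%-30s %s\n", $label, is_allowed($server) ? 'allow' : '404');
}
```

Addresses are compared as strings, so IPv6 allowlist entries must be written in the same textual form the server reports.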

2. Verify the password

///////////////// Password protect ////////////////////////////////////////////////////////////////
define('ADMIN_USERNAME', 'test');     // Admin Username
define('ADMIN_PASSWORD', 'test');    // Admin Password
 
// Strict comparison for the username, constant-time comparison for the password
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])
    || $_SERVER['PHP_AUTH_USER'] !== ADMIN_USERNAME
    || !hash_equals(ADMIN_PASSWORD, $_SERVER['PHP_AUTH_PW'])) {
            header("WWW-Authenticate: Basic realm=\"discuz Login\"");
            header("HTTP/1.0 401 Unauthorized");
 
            echo <<<EOB
<html><body>
<h1>Rejected!</h1>
<big>Wrong Username or Password!</big>
</body></html>
EOB;
            exit;
}
////////// END OF DEFAULT CONFIG AREA /////////////////////////////////////////////////////////////

2. NGINX restrictions

1. IP restrictions

Official documentation: nginx.org/en/docs/htt…

location / {
    deny  192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    allow 2001:0db8::/32;
    deny  all;
}

2. auth_basic native authentication (supported by nginx by default)

Official documentation: nginx.org/en/docs/htt…

Installing the Password Tool

yum -y install httpd-tools

Generate the password file:

# USERNAME is a placeholder; htpasswd prompts for the password
htpasswd -c pass.db USERNAME

nginx configuration (the pass.db file has to be maintained):

auth_basic "User Authentication";
auth_basic_user_file  conf/pass.db;

ngx_http_auth_request_module third-party authentication

Install the module by building nginx with the --with-http_auth_request_module option

#auth_basic "User Authentication";
#auth_basic_user_file conf/pass.db;
 
auth_request /auth;
 
location = /auth {
    proxy_pass ...
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
}

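Here the proxy_pass target can be set to, for example, www.auth.com/api/HttpBas… ; nginx allows the original request when this subrequest returns a 2xx status and rejects it on 401 or 403. The code behind that endpoint is as follows: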

///////////////// Password protect ////////////////////////////////////////////////////////////////
define('ADMIN_USERNAME', 'test');     // Admin Username
define('ADMIN_PASSWORD', 'test');    // Admin Password
 
// Strict comparison for the username, constant-time comparison for the password
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])
    || $_SERVER['PHP_AUTH_USER'] !== ADMIN_USERNAME
    || !hash_equals(ADMIN_PASSWORD, $_SERVER['PHP_AUTH_PW'])) {
            header("WWW-Authenticate: Basic realm=\"discuz Login\"");
            header("HTTP/1.0 401 Unauthorized");
 
            echo <<<EOB
<html><body>
<h1>Rejected!</h1>
<big>Wrong Username or Password!</big>
</body></html>
EOB;
            exit;
}
////////// END OF DEFAULT CONFIG AREA /////////////////////////////////////////////////////////////

ngx_http_auth_jwt_module third-party authentication

location / {
    auth_jwt           "closed site";
    auth_jwt_key_file  conf/keys.json;
    auth_jwt_claim_set $email info e-mail;
    auth_jwt_claim_set $job info "job title";
}

The encryption algorithm works the same as above

Configuration code:

# Alternative: match every PHP script under /admin/
# location ~ /admin/.*php$ {
location = /admin.php {
    # With the default "satisfy all", a request must pass both the IP rule and Basic auth
    allow 127.0.0.1;
    deny all;
    auth_basic "Authorized users only";
    auth_basic_user_file authkey/auth.com.db;
 
    fastcgi_pass common;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param  SCRIPT_FILENAME     $document_root$fastcgi_script_name;
 
}