1. 使用正则匹配内网字段,示例中匹配合法ip,取非后为正则返回403;
location / {
if ($remote_addr !~* "^(192\\.168|172\\.(1[6-9]|2\\d|3[0,1]))(\\.(2[0-4]\\d|25[0-5]|[0,1]?\\d?\\d)){2}$|^10(\\.([2][0-4]\\d|25[0-5]|[0,1]?\\d?\\d)){3}$") {
return 403;
}
proxy_pass http://myapp1;
}2. 修改nginx conf配置文件,指向403,重写nginx 403指向文件;
error_page 403 /reject.html;
location = /reject.html {
root html;
}3. 在nginx的html文件夹下,新建reject.html文件