authinfo.php,【nginxphp】后臺權限認證方式

一、最常用的方法(代碼中限制)

1、如何限制IP

function get_new_ip(){

if(getenv('HTTP_CLIENT_IP')) {

$onlineip = getenv('HTTP_CLIENT_IP');

} elseif(getenv('HTTP_X_FORWARDED_FOR')) {

$onlineip = getenv('HTTP_X_FORWARDED_FOR');

} elseif(getenv('REMOTE_ADDR')) {

$onlineip = getenv('REMOTE_ADDR');

} else {

$onlineip = $HTTP_SERVER_VARS['REMOTE_ADDR'];

}

return $onlineip;

}

$onlineip = get_new_ip();

$wip = ['127.0.0.1'];

if(!in_array($onlineip, $wip)){

header("HTTP/1.1 404 Not Found");

header("Status: 404 Not Found");

exit;

}

2、進行密碼驗證

/ Password protect

define('ADMIN_USERNAME','test'); // Admin Username

define('ADMIN_PASSWORD','test'); // Admin Password

if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||

$_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME || $_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {

Header("WWW-Authenticate: Basic realm=\"discuz Login\"");

Header("HTTP/1.0 401 Unauthorized");

echo <<

Rejected!

Wrong Username or Password!

EOB;

exit;

}

// END OF DEFAULT CONFIG AREA /

二、NGINX中限制

1、IP限制

location / {

deny 192.168.1.1;

allow 192.168.1.0/24;

allow 10.1.1.0/16;

allow 2001:0db8::/32;

deny all;

}

2、auth_basic 本機認證(nginx默認支持)

安裝密碼工具

yum -y install httpd-tools

生成密碼

htpasswd -c pass.db

nginx中配置(需要維護 pass.db 文件)

auth_basic "User Authentication";

auth_basic_user_file conf/pass.db;

3、ngx_http_auth_request_module 第三方認證

需要安裝：--with-http_auth_request_module 模塊

#auth_basic "User Authentication";

#auth_basic_user_file conf/pass.db;

auth_request /auth;

location = /auth {

proxy_pass ...

proxy_pass_request_body off;

proxy_set_header Content-Length "";

proxy_set_header X-Original-URI $request_uri;

}

/ Password protect

define('ADMIN_USERNAME','test'); // Admin Username

define('ADMIN_PASSWORD','test'); // Admin Password

if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||

$_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME || $_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {

Header("WWW-Authenticate: Basic realm=\"discuz Login\"");

Header("HTTP/1.0 401 Unauthorized");

echo <<

Rejected!

Wrong Username or Password!

EOB;

exit;

}

// END OF DEFAULT CONFIG AREA /

4、 ngx_http_auth_jwt_module 第三方認證

location / {

auth_jwt "closed site";

auth_jwt_key_file conf/keys.json;

auth_jwt_claim_set $email info e-mail;

auth_jwt_claim_set $job info "job title";

}

加密算法原理同上

配置代碼：

location ~ /admin/.*php$ {

location = /admin.php {

allow 127.0.0.1;

deny all;

auth_basic "Authorized users only";

auth_basic_user_file authkey/auth.com.db;

fastcgi_pass common;

fastcgi_index index.php;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

}

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/news/533208.shtml
繁體地址，請注明出處：http://hk.pswp.cn/news/533208.shtml
英文地址，請注明出處：http://en.pswp.cn/news/533208.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！