阻止对除某些 ip 之外的 nginx url 的访问

Question

我试图阻止除某些 ips 之外的所有人访问 www.mysite.net/uploads 内的所有文件。我有 php 文件、文档、图像等，我想要整个目录 uploads 以及受 ip 限制的所有其他内容。我尝试设置两个位置，但都不起作用。我做错了什么？

编辑：这是我的完整配置文件

server {
    listen 80;
    listen [::]:80;
    server_name mysite.net www.mysite.net;
    return 302 https://$server_name$request_uri;
}

server {

    # SSL configuration

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl        on;
    ssl_certificate         /etc/ssl/certs/cert.pem;
    ssl_certificate_key     /etc/ssl/private/key.pem;

    access_log      /var/log/nginx/access.log;
    error_log       /var/log/nginx/error.log;
    rewrite_log     on;

    server_name mysite.net www.mysite.net;
    root /var/www/mysite.net/html;
    index index.php index.html index.htm index.nginx-debian.html;


    location / {
        try_files $uri $uri/ /index.php?$query_string;
     }


   location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    location /api {
        root /var/www/mysite.net/html/api;
        rewrite ^/api/(.*)$ /$1 break;
        try_files $uri $uri/ /api/index.php$is_args$args;
    }

    location ~ /api/.+\.php$ {
        root /var/www/mysite.net/html/api;
        rewrite ^/api/(.*)$ /$1 break;

        #include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }


    location /uploads  {
       alias /var/www/mysite.net/html/uploads;
       allow 1.2.3.4;
       deny all;
    }

    location /uploads/* {
        allow 1.2.3.4;
        deny_all;
    }

}

Answer 1

配置更改后可能需要重启 nginx

另外，请检查以下链接中提到的步骤

https://www.howtogeekpro.com/4/how-to-block-access-to-nginx-except-for-a-specific-ip-address/