blob: 988003291cbf438e7a4ca536ffeb72c1c41e0a25 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
=encoding utf-8
=head1 NAME
ngx_stream_access_module - Module ngx_stream_access_module
=head1
The C<ngx_stream_access_module> module (1.9.2) allows
limiting access to certain client addresses.
=head1 Example Configuration
server {
...
deny 192.168.1.1;
allow 192.168.1.0/24;
allow 10.1.1.0/16;
allow 2001:0db8::/32;
deny all;
}
The rules are checked in sequence until the first match is found.
In this example, access is allowed only for IPv4 networks
C<10.1.1.0E<sol>16> and C<192.168.1.0E<sol>24>
excluding the address C<192.168.1.1>,
and for IPv6 network C<2001:0db8::E<sol>32>.
=head1 Directives
=head2 allow
B<syntax:> allow I<
I<C<address>> E<verbar>
I<C<CIDR>> E<verbar>
C<unix:> E<verbar>
C<all>>
B<context:> I<stream>
B<context:> I<server>
Allows access for the specified network or address.
If the special value C<unix:> is specified,
allows access for all UNIX-domain sockets.
=head2 deny
B<syntax:> deny I<
I<C<address>> E<verbar>
I<C<CIDR>> E<verbar>
C<unix:> E<verbar>
C<all>>
B<context:> I<stream>
B<context:> I<server>
Denies access for the specified network or address.
If the special value C<unix:> is specified,
denies access for all UNIX-domain sockets.
|
