使用 nginx 返回自定义 403 错误页面

发布于 2024-09-06 17:00:44 字数 977 浏览 11 评论 0原文

每当发生 403 错误时,我都会尝试在 /temp/www/error403.html 中显示错误页面。

这应该是每当用户尝试通过 https (ssl) 访问站点并且其 IP 位于 blovkips.conf 文件中时,但目前它仍然显示 nginx 的默认错误页面。 我的其他服务器有相同的代码(没有任何阻塞)并且它有效。

是否阻止IP访问自定义403页面? 如果是这样,我该如何让它工作?

server  {
    # ssl
    listen               443;
    ssl                  on;
    ssl_certificate      /etc/nginx/ssl/site.in.crt;
    ssl_certificate_key  /etc/nginx/ssl/site.in.key;
    keepalive_timeout    70;

    server_name localhost;


    location / {
            root   /temp/www;
            index  index.html index.htm;
}

# redirect server error pages to the static page
error_page   403  /error403.html;
# location = /error403.html {
#         root   /temp/www;
# }

    # add trailing slash if missing
    if (-f $document_root/$host$uri) {
            rewrite ^(.*[^/])$ $1/ permanent;
    }      

    # list of IPs to block
    include blockips.conf;
}

编辑: 将 error_page 代码从 504 更正为 403,但我仍然遇到同样的问题

Im trying to display the error page in /temp/www/error403.html whenever a 403 error occurs.

This should be whenever a user tries to access the site via https (ssl) and it's IP is in the blovkips.conf file, but at the moment it still shows nginx's default error page.
I have the same code for my other server (without any blocking) and it works.

Is it blocking the IP from accessing the custom 403 page?
If so how do I get it to work?

server  {
    # ssl
    listen               443;
    ssl                  on;
    ssl_certificate      /etc/nginx/ssl/site.in.crt;
    ssl_certificate_key  /etc/nginx/ssl/site.in.key;
    keepalive_timeout    70;

    server_name localhost;


    location / {
            root   /temp/www;
            index  index.html index.htm;
}

# redirect server error pages to the static page
error_page   403  /error403.html;
# location = /error403.html {
#         root   /temp/www;
# }

    # add trailing slash if missing
    if (-f $document_root/$host$uri) {
            rewrite ^(.*[^/])$ $1/ permanent;
    }      

    # list of IPs to block
    include blockips.conf;
}

Edit:
Corrected error_page code from 504 to 403 but I still have the same issue

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

以歌曲疗慰 2024-09-13 17:00:44

在来这里之前我做了很多谷歌搜索,但现在又做了一些,5 分钟内我就得到了答案:P

似乎我不是唯一一个遇到这个问题的人:

error_page 403 /e403.html;
  location = /e403.html {
  root   html;
  allow all;
}

http://www.cyberciti.biz/faq/unix-linux-nginx-custom-error-403 -page-configuration/

看来我对错误页面的访问被阻止的想法是正确的。

I did heaps of googling before coming here but did some more just now, within 5 minutes I had my answer :P

Seems I'm not the only person to have this issue:

error_page 403 /e403.html;
  location = /e403.html {
  root   html;
  allow all;
}

http://www.cyberciti.biz/faq/unix-linux-nginx-custom-error-403-page-configuration/

Seems that I was right in thinking that access to my error page was getting blocked.

岁月如刀 2024-09-13 17:00:44

问题可能是您正在尝试从禁止访问的网络服务器发送 403“禁止”错误。 Nginx 将 error_page 指令视为内部重定向。因此它正在尝试服务器 https://example.com/error403.html 这也是被禁止的。

因此,您需要使错误页面不从 https 中提供,如下所示:

error_page  403   http://example.com/error403.html

或将必要的“允许访问”选项添加到错误页面路径的位置。测试方法是直接访问/error403.html页面。如果您无法以这种方式访问​​,那么当有人收到实际的 403 错误时,它就不会起作用。

The problem might be that you're trying to server a 403 "Forbidden" error from a webserver that they are forbidden from accessing. Nginx treats the error_page directive as an internal redirect. So it is trying to server https://example.com/error403.html which is also forbidden.

So you need to make the error page not served out of https like this:

error_page  403   http://example.com/error403.html

or add the necessary "access allowed" options to the location for the error page path. The way to test this is to access the /error403.html page directly. If you can't accesses that way, it isn't going to work when someone gets an actual 403 error.

她说她爱他 2024-09-13 17:00:44

我遇到了同样的问题...重点是我已经在服务器上下文级别(或虚拟主机级别,如果您愿意)实现了 ip 白名单,因此每个位置也会有这个(基本上 /403.html 将无法访问) ):

server {
  listen       *:443 ssl;
  server_name  mydomain.com ;
  error_page 403 /403.html;
  .....
  if ($exclusion = 0) { return 403; } #implemented in another conf.d files (see below)
  location ~ \.php$ {
    root          /var/www/vhosts/mydomain.com/httpdocs;
    include       /etc/nginx/fastcgi_par
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_connect_timeout 3m;
    fastcgi_read_timeout 3m;
    fastcgi_send_timeout 3m;
  }
  location /403.html {
    root      /usr/share/nginx/html;
    allow all;
  }

  ...
}

排除conf.d 文件示例:

geo $exclusion {
  default 0;
  10.0.0.0/8  Local network
  80.23.120.23 Some_ip
  ...
}

要解决此问题,只需在位置级别(上下文)执行 return 403:

server {
  listen       *:443 ssl;
  server_name  mydomain.com ;
  error_page 403 /403.html;
  .....
  location ~ \.php$ {
    if ($exclusion = 0) { return 403; } 
    root          /var/www/vhosts/mydomain.com/httpdocs;
    include       /etc/nginx/fastcgi_par
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_connect_timeout 3m;
    fastcgi_read_timeout 3m;
    fastcgi_send_timeout 3m;
  }
  location /403.html {
    root      /usr/share/nginx/html;
    allow all;
  }

  ...
}

对我有用。

I had the same issue... The point is that i've implemented ip whitelist at server context level (or vhost level if you prefer), so every locations will have this as well (basicaly /403.html won't be accessible) :

server {
  listen       *:443 ssl;
  server_name  mydomain.com ;
  error_page 403 /403.html;
  .....
  if ($exclusion = 0) { return 403; } #implemented in another conf.d files (see below)
  location ~ \.php$ {
    root          /var/www/vhosts/mydomain.com/httpdocs;
    include       /etc/nginx/fastcgi_par
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_connect_timeout 3m;
    fastcgi_read_timeout 3m;
    fastcgi_send_timeout 3m;
  }
  location /403.html {
    root      /usr/share/nginx/html;
    allow all;
  }

  ...
}

Exclusion conf.d file sample:

geo $exclusion {
  default 0;
  10.0.0.0/8  Local network
  80.23.120.23 Some_ip
  ...
}

To fix that simply do your return 403 at location level (context):

server {
  listen       *:443 ssl;
  server_name  mydomain.com ;
  error_page 403 /403.html;
  .....
  location ~ \.php$ {
    if ($exclusion = 0) { return 403; } 
    root          /var/www/vhosts/mydomain.com/httpdocs;
    include       /etc/nginx/fastcgi_par
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_connect_timeout 3m;
    fastcgi_read_timeout 3m;
    fastcgi_send_timeout 3m;
  }
  location /403.html {
    root      /usr/share/nginx/html;
    allow all;
  }

  ...
}

Works for me.

万人眼中万个我 2024-09-13 17:00:44

看起来列出的配置中有一个 boo-boo,因为它只向自定义页面发送错误代码 503(“服务不可用”),因此对于 403(“禁止”),您可能想要使用:

error_page 403 /error403.html

It looks like there's a boo-boo in the listed configuration, as it is only sending error code 503 ("service unavailable") to the custom page, so for 403 ("forbidden") you probably want to use:

error_page 403 /error403.html
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文