1Panel 版本:V2.0.13
操作系统(设备): ubuntu-24.04
关键截图:
日志:
问题:我配置了WAF的地区访问限制,网站全局和和网站设备都打开设置了,允许中国大陆,并且保存配置了,试了国外的IP还是可以访问,我又重启了网站、OpenResty、重启了服务器都试过了,依旧国外的IP还是可以访问
,这个是什么问题
网站有没有添加 lua 代码 或者 手动添加其他配置
你好,在其他配置中如何添加
我是问你 有没有自己手动修改过网站的配置文件
没有手动修改过网站配置代码
这个是网站的单独配置
server {
listen 80 ;
listen [::]:80 ;
listen 443 ssl ;
listen [::]:443 ssl ;
server_name xxjiov.com www.xxjiov.com www.xxjiov.com xxjiov.com;
index index.php index.html index.htm default.php default.htm default.html;
access_log /www/sites/halo/log/access.log main;
error_log /www/sites/halo/log/error.log;
location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md) {
return 404;
}
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
limit_conn perserver 60;
limit_conn perip 10;
limit_rate 512k;
real_ip_recursive on;
set_real_ip_from 0.0.0.0/0;
real_ip_header X-Real-IP;
location ~ .*\.(js|css|png|jpg|jpeg|gif|ico|bmp|swf|eot|svg|ttf|woff|woff2)$ {
expires 30d;
log_not_found off;
valid_referers none xxjiov.com www.xxjiov.com;
if ($invalid_referer) {
return 404;
}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8090;
}
include /www/sites/halo/redirect/*.conf;
http2 on;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
ssl_certificate /www/sites/halo/ssl/fullchain.pem;
ssl_certificate_key /www/sites/halo/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8090;
}
}
proxy_cache_path /www/sites/halo/cache levels=1:2 keys_zone=proxy_cache_zone_of_halo:5m max_size=1g inactive=24h;
以下是OpenResty的配置
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
error_log /dev/stdout notice;
pid /var/run/nginx.pid;
worker_rlimit_nofile 51200;
events {
use epoll;
worker_connections 5120;
multi_accept on;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
access_log /dev/stdout main;
server_tokens off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
client_max_body_size 50m;
keepalive_timeout 60;
keepalive_requests 100;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
include /usr/local/openresty/nginx/conf/conf.d/*.conf;
include /usr/local/openresty/nginx/conf/default/*.conf;
include /usr/local/openresty/1pwaf/data/conf/waf.conf;
}
加我企业微信
好的,加了