Hi Buddy,
I am a newer to Nginx world, now I have a project to link the varnish
HTTP server and nginx together, nginx is the back end.
I want to allow the connections only by varnish, so I use deny all ,this
kind of stuff to archieve this.
But if there is a way to compeletely forbid the connections, at present,
even the outside connections is forbidden, but I think it still waste
some resourses, “RETURN A 403 STATIC PAGE”…
I will not use a iptables…
Thank you everyone !!!
I would appreciate very much…
What you describe is by design the job of firewalls… in your case
dropping unwanted connections rather that rejecting them.
1 tool = 1 task
B. R.
On 13 Jun 2014 15:15, “姚锟” [email protected] wrote:
I think it still waste some resourses, “RETURN A 403 STATIC PAGE”…
I think you’re probably wrong. You’re almost certainly prematurely
optimising the wrong thing. Just 403 the unwanted requests and move on
with
your job/life/project.
I mean this sincerely,
J
On 13/06/14 15:14, 姚锟 wrote:
I will not use a iptables…
If varnish and nginx are on the same machine, you could configure nginx
listen to listen on loopback (127.0.0.1:8080 say) and varnish to connect
to that ip:port. This will stop all external direct access to nginx.
I’m guessing you’ve some conditional check in nginx that’s currently
denying external access, you could look at the 444 return code. A quick
google came up with
http://www.acloudtree.com/how-to-deny-hosts-using-nginx/
Steve.