自上而下检查，一旦匹配，将生效,不在匹配后面的策略，条件严格的置前

实验环境

使用curl10.0.0.101页面nihaonginx!!!只能10.0.0.102访问，10.0.0.103禁止访问配置虚拟主机

server{listen80;server_namelocalhost;#charsetkoi8-r;access_loglogs/host.access.logmain;location/{deny10.0.0.103;allow10.0.0.102;denyall;roothtml;indexindex.htmlindex.htm;}#error_page404/404.html;#redirectservererrorpagestothestaticpage/50x.html#error_page500502503504/50x.html;location=/50x.html{roothtml;}检查配置文件并重新加载配置文件

[root@node1~]#nginx-tnginx:theconfigurationfile/usr/local/nginx/conf/nginx.confsyntaxisoknginx:configurationfile/usr/local/nginx/conf/nginx.conftestissuccessful[root@node1~]#nginx-sreload#nginx已经启动[root@node1~]#netstat-antActiveInternetconnections(serversandestablished)ProtoRecv-QSend-QLocalAddressForeignAddressStatetcp000.0.0.0:800.0.0.0:*LISTENtcp000.0.0.0:220.0.0.0:*LISTENtcp0010.0.0.101:2210.0.0.1:65155ESTABLISHEDtcp018010.0.0.101:2210.0.0.1:62206ESTABLISHEDtcp600:::22:::*LISTEN

创建nginx的访问页面

echo'nihaonginx!!!'>/usr/local/nginx/html/index.html在10.0.0.102上访问10.0.0.101

[root@node2~]#ifconfigeth0eth0:flags=4163mtu1500inet10.0.0.102netmask255.0.0.0broadcast10.255.255.255[root@node2~]#curl10.0.0.101nihaonginx!!!#可以正常访问在10.0.0.103上访问10.0.0.101

[root@node3~]#ifconfigeth0eth0:flags=4163mtu1500inet10.0.0.103netmask255.0.0.0broadcast10.255.255.255[root@node3~]#curl10.0.0.101

[root@node1~]#ifconfigeth0eth0:flags=4163mtu1500inet10.0.0.101netmask255.0.0.0broadcast10.255.255.255[root@node1~]#cat/usr/local/nginx/logs/host.access.log10.0.0.103--[09/Sep/2020:16:56:44+0800]"GET/HTTP/1.1"403153"-""curl/7.29.0""-"10.0.0.103--[09/Sep/2020:16:56:45+0800]"GET/HTTP/1.1"403153"-""curl/7.29.0""-"#10.0.0.103访问失败