allow/deny for a single location, with other location handler

Robert Bunting robert at exoweb.net
Sun Feb 3 05:50:48 MSK 2008


Thanks Eden, I guess that way will allow me to put the minimum amount of 
  config in each location directive, at least.

So for the record, I ended up with:

server {
     ...
     proxy_buffers ...;
     proxy_set_header...;
     ... other global proxy options;
     location / {
         proxy_pass http://bella;
     }
     location /special_url/ {
         allow 59.150.40.29;
         deny all;
         proxy_pass http://bella;
     }
     location /static/ {
         ...
     }
}

Not so bad, as long as I don't have too many of these special 
per-location rules.

thanks,
robert.

Eden Li wrote:
> proxy_* config declarations in the server block trickle down to location 
> blocks.
> 
> eg:
> 
> proxy_set_header X-Forwarded-For $http_x_client_ip;
> ..
> location / { proxy_pass ...; } # (1)
> location /account/sync_profile/ { allow 59.150.40.29; deny all; 
> proxy_pass ...; } # (2)
> 
> both (1) and (2) will pass along the X-Client-IP header
> 
> On Feb 2, 2008, at 11:04 AM, Robert Bunting wrote:
> 
>> Hi,
>>
>> I'm using nginx to proxy through to apache, with a simple
>>
>>    location / {
>>        proxy_pass ...
>>    }
>>
>> However, there is one location ( /account/sync_profile/) which I'd 
>> like to restrict to just one IP address.
>>
>> If I add a location for that address,
>> location /account/sync_profile/ {
>>    allow 59.150.40.29;
>>    deny all;
>> }
>>
>> then of course it doesn't get handled by the proxy.
>>
>> I can't put an
>> if ($uri = /account/sync_profile) { allow 59.150.40.29; deny all; }
>> inside my main location, since allow, deny won't work there.
>>
>> I can't use a multi-level if;
>>
>> I suppose one solution would be to include the proxy config into the 
>> restricted location as well, but this seems like unnecessarily verbose..
>>
>> Any ideas?
>>
>> thanks,
>> robert.
>>
>>
>>
>>
> 
> 
> 






More information about the nginx mailing list