Restricting access to specific subdirectories

Maxim Dounin mdounin at mdounin.ru
Sun Feb 3 21:53:04 UTC 2013


Hello!

On Sat, Feb 02, 2013 at 10:27:40PM -0500, jdiana wrote:

> Hey all,
> 
> I'm a little stumped about what I'm doing wrong here.  Basically I have a
> subdirectory that I want to restrict access to specific IP's, otherwise
> return a 403.
> 
> If I do the following (inside my server {} block):
> 
> server {
>         // normal processing code here
>         ...
> 
>         location ~ ^/my_ws$ {
>                 allow   XX.XX.XX.XX;
>                 allow   XX.XX.XX.XX/24;
>                 deny   all;
>         }
> }
> 
> Hitting the following URL works as intended and I get a 403 if I try from
> anywhere other than the specified URL's: http://www.mydomain.com/my_ws
> 
> However, if there's anything AFTER that (i.e. my_ws/, my_ws/page2,
> my_ws?parameter1, etc.) it allows them to proceed regardless of IP.
> 
> I'm sure it's something required before or after the $, but I can't figure
> it out.

You don't need regular expressions, just use normal prefix 
location:

    location /my_ws {
        allow ...
        deny all;
    }


See http://nginx.org/r/location for details.

-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx mailing list