Allow and Deny IP's

Francis Daly francis at
Tue Feb 6 23:56:34 UTC 2018

On Tue, Feb 06, 2018 at 01:02:22AM +0100, Ph. Gras wrote:

Hi there,

> location ~* wp-login\.php$ {

> - - [05/Feb/2018:21:36:12 +0100] "GET /wp-login.php HTTP/1.1" 200 1300 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"

> Me too :-(

Have you any reason to believe that this location is used to handle this request?

$ nginx -T | grep 'server\|location'

will possibly give a useful hint in that direction.

For what it is worth, if I use:

server {
  listen 8888;
  location /x/ {
    deny all;


$ curl -i

gives me http 200 (html/x/index.html exists), while

$ curl -i

gives me http 403.

So - "works for me". What do you see, when you test that?

What parts of your current config do you have to add, in order for that
test to fail for you?

Francis Daly        francis at

More information about the nginx mailing list