Allow/Deny rules in Location block

sandeep dubey sandeep.sanash at gmail.com
Tue Jan 24 05:37:42 UTC 2023


Thanks Ian for the reply.
I did it because the container was failing to start with the error below,
will restrict that too. -

> [error] 7#7: *1 connect() failed (111: Connection refused) while
> connecting to upstream, client: 10.10.0.38, server: _, request: "GET
> /api/saml-links HTTP/1.1", upstream: "http://127.0.0.1:8000/api/saml-links",
> host: "10.18.9.132:80"
>

On Mon, Jan 23, 2023 at 5:27 PM Ian Hobson <hobson42 at gmail.com> wrote:

> Hi Sandeep,
>
> I rather suspect that your top two CIDR allow lines are allowing too
> many people in.
>
> Remove them, and check that only the last two lines are
> allowed in.
>
> Then create the two top addresses very carefully, and test.
>
> 1.2.3.4/8 allows all C level addresses of the format 1.*.*.* in. I think
> you need 1.2.3.4/24 which allows all of the format
> 1.2.3.*
>
> Hope this helps.
>
> Ian
>
> On 23/01/2023 16:34, sandeep dubey wrote:
> > Hello,
> >
> > I am trying to restrict some Location block in my Nginx configuration to
> > specific IPs. Below are the changes I made -
> >
> > Version: nginx:1.21.0
> >
> >     location / {
> >         proxy_pass http://127.0.0.1:8080;
> >     }
> >
> >     location = /auth {
> >         proxy_pass http://127.0.0.1:8080;
> >         allow 1.2.3.4/8;
> >         allow 5.6.7.8/16;
> >         allow my.vpn.ip.here;
> >         allow my.public.ip.here;
> >         deny all;
> >         error_page 403 /usr/share/nginx/html/403.html;
> >         auth_basic "Administrator’s area";
> >         auth_basic_user_file /etc/nginx/.htpasswd;
> >     }
> >
> > Here, the deny rule is not working. Users are still able to access the
> > page publicly. Am I missing something?
> >
> > --
> > Regards,
> > Sandeep
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > https://mailman.nginx.org/mailman/listinfo/nginx
>
> --
> Ian Hobson
> Tel (+66) 626 544 695


-- 
Regards,
Sandeep
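
Added example, not part of the original messages: a Python sketch that evaluates the quoted allow/deny list in order (first match wins) and reports how many addresses each CIDR rule admits, extended to also test the tightened /24 suggested in the reply. The two single addresses are constructed stand-ins for the `my.vpn.ip.here` and `my.public.ip.here` placeholders, and the function names are hypothetical.

```python
import ipaddress

# Rules from the quoted `location = /auth` block, in their original order.
# The two single addresses are constructed stand-ins (documentation ranges)
# for the placeholders in the post.
RULES = [
    ("allow", "1.2.3.4/8"),
    ("allow", "5.6.7.8/16"),
    ("allow", "203.0.113.10"),
    ("allow", "198.51.100.7"),
    ("deny", "all"),
]


def network(spec):
    """Parse a rule argument; strict=False masks the host bits, so
    1.2.3.4/8 becomes 1.0.0.0/8 (the whole 1.*.*.* range)."""
    return ipaddress.ip_network(spec, strict=False)


def decide(client, rules=RULES):
    """Return the action of the first rule that matches the client."""
    addr = ipaddress.ip_address(client)
    for action, spec in rules:
        if spec == "all" or addr in network(spec):
            return action
    return "allow"  # no rule matched, so nothing blocks the request


def coverage(rules=RULES):
    """Map each allow rule to its effective network and address count."""
    return {spec: (str(network(spec)), network(spec).num_addresses)
            for action, spec in rules if action == "allow"}


if __name__ == "__main__":
    for spec, (net, count) in coverage().items():
        print(f"allow {spec:<14} -> {net:<18} {count:>10} addresses")
    # Constructed client addresses to exercise the rule list.
    for client in ("1.200.9.9", "5.6.200.1", "5.7.0.1", "8.8.8.8"):
        print(f"{client:<12} {decide(client)}")
    # The same far-away client against the tightened /24 rule.
    tight = [("allow", "1.2.3.4/24"), ("deny", "all")]
    print("1.200.9.9 with /24:", decide("1.200.9.9", tight))
```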