<html><head></head><body lang="en-US" style="background-color: rgb(255, 255, 255); line-height: initial;"> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Beats me. I thought the 404 is what you get with the deny access. I'm sure my nginx skills are worse than yours. ;-)</div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">At one time I had a long list of deny addresses on nginx, but nginx does some processing before finally denying access. I ended up just doing blanket denials in the firewall, with the assumption that the firewall, being essentially legacy code, is more efficient. </div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I use a map to block requests like /usr and other Unix directories. I'm assuming they are looking for installations where the web root is in a poor location. I've also seen /backup. All that crude hacking shows up as 404s. I seriously doubt these jerks hit pay dirt. </div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I'm assuming /secret is just a placeholder. I would use a password generator to create a high entropy phrase. (I've been getting blogger referrals that employ the high entropy phrase making them essentially impossible to filter unless you want to block all referrals from blogger. )</div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br style="display:initial"></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"></div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Alex Samad</div><div><b>Sent: </b>Friday, May 19, 2017 3:14 PM</div><div><b>To: </b>nginx</div><div><b>Reply To: </b>nginx@nginx.org</div><div><b>Subject: </b>Re: How to restrict acces to specific friendly URL by IP in Wordpress site?</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style=""><div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On 20 May 2017 at 08:00, <span dir="ltr"><<a href="mailto:lists@lazygranch.com" target="_blank">lists@lazygranch.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">My experience with deny in nginx is the url isn't hidden</blockquote></div><br><br></div><div class="gmail_extra">So you don't want to just restrict access but you want to send a 404 not found unless they come from a specific ip address.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I think you should be able to ... but my nginx skills are not that good for now.. :)</div><div class="gmail_extra"><br></div></div>
<br><!--end of _originalContent --></div></body></html>