<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    On 5/19/2017 3:14 PM, Alex Samad wrote:<br>
    <blockquote type="cite"
cite="mid:CAJ+Q1PU9gcWU3wnPW=v6Zs22MaRM8Lk0Q9r00s95yndonV1Bag@mail.gmail.com">
      <div dir="ltr">
        <div class="gmail_extra"><br>
          <div class="gmail_quote">On 20 May 2017 at 08:00, <span
              dir="ltr"><<a href="mailto:lists@lazygranch.com"
                target="_blank">lists@lazygranch.com</a>></span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">My
              experience with deny in nginx is the url isn't hidden</blockquote>
          </div>
          <br>
        </div>
        <div class="gmail_extra">So you don't want to just restrict
          access but you want to send a 404 not found unless they come
          from a specific ip address.</div>
      </div>
    </blockquote>
    <br>
    "deny" by default will return 403.  if you want to return 404
    instead you can do something like the following:<br>
    <tt><br>
    </tt><tt>### return 404 for requests to /404.internal</tt><tt><br>
    </tt><tt>location =  /404.internal { internal; }</tt><tt><br>
    </tt><tt><br>
    </tt><tt>### send 403 to /404.internal to return 404 code instead</tt><tt><br>
    </tt><tt>error_page  403 =404 /404.internal;</tt><br>
    <br>
    Of course, if you have a custom 404 page you can use it instead of
    the /404.internal, but this is a simple way that doesn't rely on any
    additional resources.<br>
    <br>
    <div class="moz-signature">
      <p>Igal Sapir <br>
        Lucee Core Developer
        <br>
        <a href="http://lucee.org/">Lucee.org</a></p>
    </div>
  </body>
</html>