<html><head></head><body bgcolor="#FFFFFF" text="#000000" lang="en-US" style="background-color: rgb(255, 255, 255); line-height: initial;"> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I would return nothing, that is the 444 code. </div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I have scripts that process access.log for 444, then see if they come from locations without eyeballs such as data centers, VPS, etc. The entire IP space then goes in the firewall block. </div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">Your typical sysadmin on forums rants that I will end up blocking the entire world, but I can go days without seeing a IP that is not from an ISP. That is my blocking list is very effective. </div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);">I get about a hundred IPs a day doing mischief, with 99.99% looking to hack WordPress, which I don't even run. Most of the hits report a user agent rev of Firefox that never existed. <span style="font-size: initial; text-align: initial; line-height: initial;"></span></div> <div style="width: 100%; font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"><br style="display:initial"></div> <div style="font-size: initial; font-family: Calibri, 'Slate Pro', sans-serif, sans-serif; color: rgb(31, 73, 125); text-align: initial; background-color: rgb(255, 255, 255);"></div> <table width="100%" style="background-color:white;border-spacing:0px;"> <tbody><tr><td colspan="2" style="font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0in 0in; font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro'; font-size: 10pt;"> <div><b>From: </b>Igal @ Lucee.org</div><div><b>Sent: </b>Friday, May 19, 2017 3:20 PM</div><div><b>To: </b>nginx@nginx.org; Alex Samad</div><div><b>Reply To: </b>nginx@nginx.org</div><div><b>Subject: </b>Re: How to restrict acces to specific friendly URL by IP in Wordpress site?</div></div></td></tr></tbody></table><div style="border-style: solid none none; border-top-color: rgb(186, 188, 209); border-top-width: 1pt; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div><br><div id="_originalContent" style="background-color: rgb(255, 255, 255);">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
On 5/19/2017 3:14 PM, Alex Samad wrote:<br>
<blockquote type="cite" cite="mid:CAJ+Q1PU9gcWU3wnPW=v6Zs22MaRM8Lk0Q9r00s95yndonV1Bag@mail.gmail.com">
<div dir="ltr">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 20 May 2017 at 08:00, <span dir="ltr"><<a href="mailto:lists@lazygranch.com" target="_blank">lists@lazygranch.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">My
experience with deny in nginx is the url isn't hidden</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">So you don't want to just restrict
access but you want to send a 404 not found unless they come
from a specific ip address.</div>
</div>
</blockquote>
<br>
"deny" by default will return 403. if you want to return 404
instead you can do something like the following:<br>
<tt><br>
</tt><tt>### return 404 for requests to /404.internal</tt><tt><br>
</tt><tt>location = /404.internal { internal; }</tt><tt><br>
</tt><tt><br>
</tt><tt>### send 403 to /404.internal to return 404 code instead</tt><tt><br>
</tt><tt>error_page 403 =404 /404.internal;</tt><br>
<br>
Of course, if you have a custom 404 page you can use it instead of
the /404.internal, but this is a simple way that doesn't rely on any
additional resources.<br>
<br>
<div class="moz-signature">
<p>Igal Sapir <br>
Lucee Core Developer
<br>
<a href="http://lucee.org/">Lucee.org</a></p>
</div>
<br><!--end of _originalContent --></div></body></html>