<div dir="auto">Hi,<div dir="auto"><br><div dir="auto">Tried this option it throws rewrite error and am not able to download file from non whitelisted ip addresses.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">ERROR:</div><div dir="auto">rewrite or internal redirection cycle while processing "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", client: 3.3.3.3, server: <a href="http://abc.com">abc.com</a>, request: "GET /Downloads/abcd/file.zip </div><div dir="auto"><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <<a href="mailto:iippolitov@nginx.com">iippolitov@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_503233695107463458moz-cite-prefix">Hello, guys.<br>
<br>
I think, you can try something like this:<br>
<br>
location = /downloads/ {<br>
root /downloads/;<br>
allow 1.1.1.1;<br>
autoindex on;<br>
}<br>
location /downloads/ {<br>
root /downloads/;<br>
}<br>
<br>
This will work nicely if you don't need subdirectories.<br>
If you need those, you can use a rewrite like:<br>
<br>
map $remote_addr $forbidlisting {<br>
default 1;<br>
1.1.1.1 0;<br>
}<br>
location /downloads/ {<br>
root /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite /downloads(.*) /noindex_downloads$1 last;<br>
}<br>
}<br>
location /noindex_downloads/ {<br>
internal;<br>
root /downloads/;<br>
}<br>
<br>
<br>
On 18.05.2018 14:17, Friscia, Michael wrote:<br>
</div>
<blockquote type="cite">
<div class="m_503233695107463458WordSection1">
<p class="MsoNormal">I think you need to change this a little<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">map
$remote_addr $allowed {<br>
default “off”;<br>
1.1.1.1 “on”;<br>
2.2.2.2 “on:;<br>
}<u></u><u></u></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">and then in in
the download location block<br>
<br>
autoindex $allowed;<u></u><u></u></p>
<p class="MsoNormal">I use similar logic on different variables
and try at all costs to avoid IF statements anywhere in the
configs.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">___________________________________________<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Michael Friscia<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Office of
Communications<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Yale School of
Medicine<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">(203) 737-7932 -
office<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">(203) 931-5381 -
mobile<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a"><a href="http://web.yale.edu/" target="_blank" rel="noreferrer"><span style="color:#44546a">http://web.yale.edu</span></a><u></u><u></u></span></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">nginx
<a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx-bounces@nginx.org" target="_blank" rel="noreferrer"><nginx-bounces@nginx.org></a> on behalf of PRAJITH
<a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:prajithpalakkuda@gmail.com" target="_blank" rel="noreferrer"><prajithpalakkuda@gmail.com></a><br>
<b>Reply-To: </b><a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">"nginx@nginx.org"</a>
<a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer"><nginx@nginx.org></a><br>
<b>Date: </b>Friday, May 18, 2018 at 2:16 AM<br>
<b>To: </b><a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">"nginx@nginx.org"</a> <a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer"><nginx@nginx.org></a><br>
<b>Subject: </b>Re: Nginx Directory Listing - Restrict by
IP Address<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a name="m_503233695107463458__MailOriginalBody" rel="noreferrer">Hi
Satish,<u></u><u></u></a></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span>There are
"if" constructs in nginx, please check
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=" target="_blank" rel="noreferrer"><span>http://nginx.org/r/if</span><span></span></a><span>. if you want
to allow multiple IP addresses, it might be better
idea to use map. eg:<br>
<br>
map $remote_addr $allowed {<br>
default 0;<br>
1.1.1.1 1;<br>
2.2.2.2 1;<br>
}<u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span>and then in in
the download location block<br>
<br>
if ($allowed = 1) {<br>
autoindex on;<br>
}<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span>Thanks,<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span>Prajith<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span>On 18 May 2018 at
05:35, Sathish Kumar <</span><a href="mailto:satcse88@gmail.com" target="_blank" rel="noreferrer"><span>satcse88@gmail.com</span><span></span></a><span>> wrote:<u></u><u></u></span></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Hi
Team,<u></u><u></u></span></span></p>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">We
have a requirement to allow directory listing from
few servers and disallow from other ip addresses
and all IP addresses should be able to download
all files inside the directory.<u></u><u></u></span></span></p>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Can
somebody provide the correct nginx config for the
same.<u></u><u></u></span></span></p>
<pre style="background:#eff0f1;vertical-align:baseline;white-space:pre-wrap;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;max-height:600px;word-wrap:normal;overflow:auto;word-spacing:0px"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">location / {<u></u><u></u></span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">root /downloads;<u></u><u></u></span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">autoindex on;<u></u><u></u></span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">allow 1.1.1.1;<u></u><u></u></span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">deny all;<u></u><u></u></span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">}<u></u><u></u></span></code></span></pre>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">If
I use the above config, only on 1.1.1.1 IP address
can directory list from this server and can file
download but from other IP addresses download
shows forbidden, due to IP address restriction<u></u><u></u></span></span></p>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Is
there a way to overcome this issue, thanks.<u></u><u></u></span></span></p>
<p class="MsoNormal"><span><br clear="all">
<u></u><u></u></span></p>
<div>
<div>
<p class="MsoNormal"><span>Thanks
& Regards<br>
Sathish.V<u></u><u></u></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span><br>
_______________________________________________<br>
nginx mailing list<br>
</span><a href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer"><span>nginx@nginx.org</span><span></span></a><span><br>
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=" target="_blank" rel="noreferrer"><span>http://mailman.nginx.org/mailman/listinfo/nginx</span><span></span></a><span><u></u><u></u></span></p>
</blockquote>
</div>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
</div>
</div>
<br>
<fieldset class="m_503233695107463458mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
nginx mailing list
<a class="m_503233695107463458moz-txt-link-abbreviated" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">nginx@nginx.org</a>
<a class="m_503233695107463458moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank" rel="noreferrer">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div>