<div dir="auto">Hi,<div dir="auto"><br><div dir="auto">Tried this option it throws rewrite error and am not able to download file from non whitelisted ip addresses.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">ERROR:</div><div dir="auto">rewrite or internal redirection cycle while processing "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", client: 3.3.3.3, server: <a href="http://abc.com">abc.com</a>, request: "GET /Downloads/abcd/file.zip </div><div dir="auto"><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <<a href="mailto:iippolitov@nginx.com">iippolitov@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <div class="m_503233695107463458moz-cite-prefix">Hello, guys.<br>
      <br>
      I think, you can try something like this:<br>
      <br>
      location = /downloads/ {<br>
          root /downloads/;<br>
          allow 1.1.1.1;<br>
          autoindex on;<br>
      }<br>
      location /downloads/ {<br>
          root /downloads/;<br>
      }<br>
      <br>
      This will work nicely if you don't need subdirectories.<br>
      If you need those, you can use a rewrite like:<br>
      <br>
      map $remote_addr $forbidlisting {<br>
          default 1;<br>
          1.1.1.1 0;<br>
      }<br>
      location /downloads/ {<br>
          root /downloads/;<br>
          autoindex on;<br>
          if ($forbidlisting) {<br>
              rewrite /downloads(.*) /noindex_downloads$1 last;<br>
          }<br>
      }<br>
      location /noindex_downloads/ {<br>
          internal;<br>
          root /downloads/;<br>
      }<br>
      <br>
      <br>
      On 18.05.2018 14:17, Friscia, Michael wrote:<br>
    </div>
    <blockquote type="cite">
      
      
      
      <div class="m_503233695107463458WordSection1">
        <p class="MsoNormal">I think you need to change this a little<u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <p class="MsoNormal" style="margin-bottom:12.0pt">map
          $remote_addr $allowed {<br>
              default         “off”;<br>
              1.1.1.1         “on”;<br>
              2.2.2.2         “on:;<br>
          }<u></u><u></u></p>
        <p class="MsoNormal" style="margin-bottom:12.0pt">and then in in
          the download location block<br>
          <br>
           autoindex $allowed;<u></u><u></u></p>
        <p class="MsoNormal">I use similar logic on different variables
          and try at all costs to avoid IF statements anywhere in the
          configs.<u></u><u></u></p>
        <p class="MsoNormal"><u></u> <u></u></p>
        <div>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">___________________________________________<u></u><u></u></span></p>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Michael Friscia<u></u><u></u></span></p>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Office of
              Communications<u></u><u></u></span></p>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Yale School of
              Medicine<u></u><u></u></span></p>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">(203) 737-7932 -
              office<u></u><u></u></span></p>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">(203) 931-5381 -
              mobile<u></u><u></u></span></p>
          <p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a"><a href="http://web.yale.edu/" target="_blank" rel="noreferrer"><span style="color:#44546a">http://web.yale.edu</span></a><u></u><u></u></span></p>
        </div>
        <p class="MsoNormal"><u></u> <u></u></p>
        <div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
          <p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">nginx
              <a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx-bounces@nginx.org" target="_blank" rel="noreferrer"><nginx-bounces@nginx.org></a> on behalf of PRAJITH
              <a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:prajithpalakkuda@gmail.com" target="_blank" rel="noreferrer"><prajithpalakkuda@gmail.com></a><br>
              <b>Reply-To: </b><a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">"nginx@nginx.org"</a>
              <a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer"><nginx@nginx.org></a><br>
              <b>Date: </b>Friday, May 18, 2018 at 2:16 AM<br>
              <b>To: </b><a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">"nginx@nginx.org"</a> <a class="m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer"><nginx@nginx.org></a><br>
              <b>Subject: </b>Re: Nginx Directory Listing - Restrict by
              IP Address<u></u><u></u></span></p>
        </div>
        <div>
          <p class="MsoNormal"><u></u> <u></u></p>
        </div>
        <div>
          <div>
            <div>
              <div>
                <div>
                  <p class="MsoNormal" style="margin-bottom:12.0pt"><a name="m_503233695107463458__MailOriginalBody" rel="noreferrer">Hi
                      Satish,<u></u><u></u></a></p>
                </div>
                <p class="MsoNormal" style="margin-bottom:12.0pt"><span>There are
                    "if" constructs in nginx, please check
                  </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=" target="_blank" rel="noreferrer"><span>http://nginx.org/r/if</span><span></span></a><span>. if you want
                    to allow multiple IP addresses, it might be better
                    idea to use map. eg:<br>
                    <br>
                    map $remote_addr $allowed {<br>
                        default         0;<br>
                        1.1.1.1         1;<br>
                        2.2.2.2         1;<br>
                    }<u></u><u></u></span></p>
              </div>
              <p class="MsoNormal" style="margin-bottom:12.0pt"><span>and then in in
                  the download location block<br>
                  <br>
                   if ($allowed = 1) {<br>
                          autoindex on;<br>
                  }<u></u><u></u></span></p>
            </div>
            <p class="MsoNormal"><span>Thanks,<u></u><u></u></span></p>
          </div>
          <p class="MsoNormal"><span>Prajith<u></u><u></u></span></p>
        </div>
        <div>
          <p class="MsoNormal"><span><u></u> <u></u></span></p>
          <div>
            <p class="MsoNormal"><span>On 18 May 2018 at
                05:35, Sathish Kumar <</span><a href="mailto:satcse88@gmail.com" target="_blank" rel="noreferrer"><span>satcse88@gmail.com</span><span></span></a><span>> wrote:<u></u><u></u></span></p>
            <blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
              <div>
                <p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Hi
                      Team,<u></u><u></u></span></span></p>
                <p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">We
                      have a requirement to allow directory listing from
                      few servers and disallow from other ip addresses
                      and all IP addresses should be able to download
                      all files inside the directory.<u></u><u></u></span></span></p>
                <p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Can
                      somebody provide the correct nginx config for the
                      same.<u></u><u></u></span></span></p>
                <pre style="background:#eff0f1;vertical-align:baseline;white-space:pre-wrap;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;max-height:600px;word-wrap:normal;overflow:auto;word-spacing:0px"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">location / {<u></u><u></u></span></code></span></pre>
                <pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">root /downloads;<u></u><u></u></span></code></span></pre>
                <pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">autoindex on;<u></u><u></u></span></code></span></pre>
                <pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">allow 1.1.1.1;<u></u><u></u></span></code></span></pre>
                <pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">deny all;<u></u><u></u></span></code></span></pre>
                <pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">}<u></u><u></u></span></code></span></pre>
                <p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">If
                      I use the above config, only on 1.1.1.1 IP address
                      can directory list from this server and can file
                      download but from other IP addresses download
                      shows forbidden, due to IP address restriction<u></u><u></u></span></span></p>
                <p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Is
                      there a way to overcome this issue, thanks.<u></u><u></u></span></span></p>
                <p class="MsoNormal"><span><br clear="all">
                    <u></u><u></u></span></p>
                <div>
                  <div>
                    <p class="MsoNormal"><span>Thanks
                        & Regards<br>
                        Sathish.V<u></u><u></u></span></p>
                  </div>
                </div>
              </div>
              <p class="MsoNormal"><span><br>
                  _______________________________________________<br>
                  nginx mailing list<br>
                </span><a href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer"><span>nginx@nginx.org</span><span></span></a><span><br>
                </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=" target="_blank" rel="noreferrer"><span>http://mailman.nginx.org/mailman/listinfo/nginx</span><span></span></a><span><u></u><u></u></span></p>
            </blockquote>
          </div>
          <p class="MsoNormal"><span><u></u> <u></u></span></p>
        </div>
      </div>
      <br>
      <fieldset class="m_503233695107463458mimeAttachmentHeader"></fieldset>
      <br>
      <pre>_______________________________________________
nginx mailing list
<a class="m_503233695107463458moz-txt-link-abbreviated" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">nginx@nginx.org</a>
<a class="m_503233695107463458moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank" rel="noreferrer">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
    </blockquote>
    <p><br>
    </p>
  </div>

_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div>