<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Sathish,<br>
<br>
I made a couple of minor mistakes.<br>
<br>
Please, try following configuration:<br>
<br>
<blockquote type="cite"><br>
map $remote_addr $forbidlisting {<br>
default 1;<br>
1.1.1.1 0;<br>
}<br>
location /downloads {<br>
alias /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite /downloads(.*) /noindex_downloads/$1 last;<br>
}<br>
}<br>
location /noindex_downloads/ {<br>
internal;<br>
alias /downloads/;<br>
}</blockquote>
<br>
I tried it and it works for me.<br>
<br>
<br>
On 18.05.2018 16:01, Sathish Kumar wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANa_DOjzF3AjckOb_ck++6NBJ3r4tP4BG_5kRd1dXEbsUBmXFg@mail.gmail.com">
<div dir="auto">Hi,
<div dir="auto"><br>
<div dir="auto">Tried this option it throws rewrite error and
am not able to download file from non whitelisted ip
addresses.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">ERROR:</div>
<div dir="auto">rewrite or internal redirection cycle while
processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: <a href="http://abc.com"
moz-do-not-send="true">abc.com</a>, request: "GET
/Downloads/abcd/file.zip </div>
<div dir="auto"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov
<<a href="mailto:iippolitov@nginx.com"
moz-do-not-send="true">iippolitov@nginx.com</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_503233695107463458moz-cite-prefix">Hello,
guys.<br>
<br>
I think, you can try something like this:<br>
<br>
location = /downloads/ {<br>
root /downloads/;<br>
allow 1.1.1.1;<br>
autoindex on;<br>
}<br>
location /downloads/ {<br>
root /downloads/;<br>
}<br>
<br>
This will work nicely if you don't need subdirectories.<br>
If you need those, you can use a rewrite like:<br>
<br>
map $remote_addr $forbidlisting {<br>
default 1;<br>
1.1.1.1 0;<br>
}<br>
location /downloads/ {<br>
root /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite /downloads(.*) /noindex_downloads$1 last;<br>
}<br>
}<br>
location /noindex_downloads/ {<br>
internal;<br>
root /downloads/;<br>
}<br>
<br>
<br>
On 18.05.2018 14:17, Friscia, Michael wrote:<br>
</div>
<blockquote type="cite">
<div class="m_503233695107463458WordSection1">
<p class="MsoNormal">I think you need to change this a
little</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12.0pt">map
$remote_addr $allowed {<br>
default “off”;<br>
1.1.1.1 “on”;<br>
2.2.2.2 “on:;<br>
}</p>
<p class="MsoNormal" style="margin-bottom:12.0pt">and
then in in the download location block<br>
<br>
autoindex $allowed;</p>
<p class="MsoNormal">I use similar logic on different
variables and try at all costs to avoid IF statements
anywhere in the configs.</p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a">___________________________________________</span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a">Michael
Friscia</span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a">Office of
Communications</span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a">Yale School
of Medicine</span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a">(203)
737-7932 - office</span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a">(203)
931-5381 - mobile</span></p>
<p class="MsoNormal" style="text-autospace:none"><span
style="font-size:10.0pt;color:#44546a"><a
href="http://web.yale.edu/" target="_blank"
rel="noreferrer" moz-do-not-send="true"><span
style="color:#44546a">http://web.yale.edu</span></a></span></p>
</div>
<p class="MsoNormal"> </p>
<div style="border:none;border-top:solid #b5c4df
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:12.0pt;color:black">From: </span></b><span
style="font-size:12.0pt;color:black">nginx <a
class="m_503233695107463458moz-txt-link-rfc2396E"
href="mailto:nginx-bounces@nginx.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true"><nginx-bounces@nginx.org></a>
on behalf of PRAJITH <a
class="m_503233695107463458moz-txt-link-rfc2396E"
href="mailto:prajithpalakkuda@gmail.com"
target="_blank" rel="noreferrer"
moz-do-not-send="true"><prajithpalakkuda@gmail.com></a><br>
<b>Reply-To: </b><a
class="m_503233695107463458moz-txt-link-rfc2396E"
href="mailto:nginx@nginx.org" target="_blank"
rel="noreferrer" moz-do-not-send="true">"nginx@nginx.org"</a>
<a
class="m_503233695107463458moz-txt-link-rfc2396E"
href="mailto:nginx@nginx.org" target="_blank"
rel="noreferrer" moz-do-not-send="true"><nginx@nginx.org></a><br>
<b>Date: </b>Friday, May 18, 2018 at 2:16 AM<br>
<b>To: </b><a
class="m_503233695107463458moz-txt-link-rfc2396E"
href="mailto:nginx@nginx.org" target="_blank"
rel="noreferrer" moz-do-not-send="true">"nginx@nginx.org"</a>
<a
class="m_503233695107463458moz-txt-link-rfc2396E"
href="mailto:nginx@nginx.org" target="_blank"
rel="noreferrer" moz-do-not-send="true"><nginx@nginx.org></a><br>
<b>Subject: </b>Re: Nginx Directory Listing -
Restrict by IP Address</span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><a
name="m_503233695107463458__MailOriginalBody"
rel="noreferrer" moz-do-not-send="true">Hi
Satish,</a></p>
</div>
<p class="MsoNormal"
style="margin-bottom:12.0pt"><span>There are
"if" constructs in nginx, please check </span><a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e="
target="_blank" rel="noreferrer"
moz-do-not-send="true"><span>http://nginx.org/r/if</span><span></span></a><span>.
if you want to allow multiple IP addresses,
it might be better idea to use map. eg:<br>
<br>
map $remote_addr $allowed {<br>
default 0;<br>
1.1.1.1 1;<br>
2.2.2.2 1;<br>
}</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span>and
then in in the download location block<br>
<br>
if ($allowed = 1) {<br>
autoindex on;<br>
}</span></p>
</div>
<p class="MsoNormal"><span>Thanks,</span></p>
</div>
<p class="MsoNormal"><span>Prajith</span></p>
</div>
<div>
<p class="MsoNormal"><span> </span></p>
<div>
<p class="MsoNormal"><span>On 18 May 2018 at 05:35,
Sathish Kumar <</span><a
href="mailto:satcse88@gmail.com" target="_blank"
rel="noreferrer" moz-do-not-send="true"><span>satcse88@gmail.com</span><span></span></a><span>>
wrote:</span></p>
<blockquote style="border:none;border-left:solid
#cccccc 1.0pt;padding:0in 0in 0in
6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p
style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Hi
Team,</span></span></p>
<p
style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">We
have a requirement to allow directory
listing from few servers and disallow from
other ip addresses and all IP addresses
should be able to download all files
inside the directory.</span></span></p>
<p
style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Can
somebody provide the correct nginx config
for the same.</span></span></p>
<pre style="background:#eff0f1;vertical-align:baseline;white-space:pre-wrap;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;max-height:600px;word-wrap:normal;overflow:auto;word-spacing:0px"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">location / {</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">root /downloads;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">autoindex on;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">allow 1.1.1.1;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">deny all;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">}</span></code></span></pre>
<p
style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">If
I use the above config, only on 1.1.1.1 IP
address can directory list from this
server and can file download but from
other IP addresses download shows
forbidden, due to IP address restriction</span></span></p>
<p
style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span
style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Is
there a way to overcome this issue,
thanks.</span></span></p>
<p class="MsoNormal"><span><br clear="all">
</span></p>
<div>
<div>
<p class="MsoNormal"><span>Thanks &
Regards<br>
Sathish.V</span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span><br>
_______________________________________________<br>
nginx mailing list<br>
</span><a href="mailto:nginx@nginx.org"
target="_blank" rel="noreferrer"
moz-do-not-send="true"><span>nginx@nginx.org</span><span></span></a><span><br>
</span><a
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e="
target="_blank" rel="noreferrer"
moz-do-not-send="true"><span>http://mailman.nginx.org/mailman/listinfo/nginx</span><span></span></a><span></span></p>
</blockquote>
</div>
<p class="MsoNormal"><span> </span></p>
</div>
</div>
<br>
<fieldset class="m_503233695107463458mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
nginx mailing list
<a class="m_503233695107463458moz-txt-link-abbreviated" href="mailto:nginx@nginx.org" target="_blank" rel="noreferrer" moz-do-not-send="true">nginx@nginx.org</a>
<a class="m_503233695107463458moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank" rel="noreferrer" moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank"
rel="noreferrer" moz-do-not-send="true">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
nginx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<p><br>
</p>
</body>
</html>