<div dir="ltr">Hi All,<div><br></div><div>I got it working now by adding the below code. Hope it will be useful for who ever may need or looking for a solution. Only whitelisted IP addresses can do directory listing, other IP addresses can only download the files.</div><div><br></div><div><span style="color:rgb(34,34,34);font-family:sans-serif;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">nginx.conf</span><br></div><div><span style="color:rgb(34,34,34);font-family:sans-serif;font-size:13px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline"><br></span></div><div>http{</div><div>....</div><div><div>geo $geoAutoIndexWhitelist {</div><div> default 0;</div><div> 1.1.1.1 1;</div><div>}</div><div>}</div><div><br></div><div>site domain config domain.conf</div><div><br></div><div>server {</div><div>....</div><div>root /data/downloads;</div><div>autoindex off;</div><div><br></div><div>location / {</div><div> if ($geoAutoIndexWhitelist) {</div><div> rewrite ^/(.*)$ /allowed_downloads/$1/ last;</div><div> }</div><div> try_files $uri $uri.html $uri/ =404;</div><div> }</div><div><br></div><div> location /allowed_downloads/ {</div><div> internal;</div><div> alias /data/downloads/;</div><div> autoindex on;</div><div>}<br></div><div>}</div><div><br></div><div>Later reload nginx service.</div><div><br></div><div><br></div><div>credits: shawn-c (stackoverflow)</div><div><br></div><div><div><div dir="ltr" class="gmail_signature">Thanks & Regards<br>Sathish.V</div></div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Sat, May 19, 2018 at 9:39 AM Sathish Kumar <<a href="mailto:satcse88@gmail.com">satcse88@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Igor,<div><br></div><div>I tried your config and getting error, can you help me.</div><div><br></div><div><div>location / {</div><div><br></div><div>alias /downloads/;</div><div> root /data/files;<br></div><div> autoindex on;</div><div><br></div><div> if ($forbidlisting) {<br></div><div> rewrite ^/(.*) /noindex_root/$1 last;</div><div><br></div><div> }</div><div>}</div><div>location /noindex_root/ {</div><div> internal;</div><div> alias /downloads/;</div><div>}</div></div><div><br></div><div><br></div><div>nginx: [emerg] "root" directive is duplicate, "alias" directive was specified earlier in domain.conf</div><div><br></div><div><br></div><div><br clear="all"><div><div dir="ltr" class="m_4452609617193768251gmail_signature">Thanks & Regards<br>Sathish.V</div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Sat, May 19, 2018 at 1:03 AM Igor A. Ippolitov <<a href="mailto:iippolitov@nginx.com" target="_blank">iippolitov@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_4452609617193768251m_5572871855503829210moz-cite-prefix">This works for me:<br>
<blockquote type="cite"><br>
location / {<br>
alias /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite ^/(.*) /noindex_root/$1 last;<br>
}<br>
}<br>
location /noindex_root/ {<br>
internal;<br>
alias /downloads/;<br>
}</blockquote>
<br>
<br>
On 18.05.2018 19:32, Sathish Kumar wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">
<div>Hi,
<div dir="auto"><br>
</div>
<div dir="auto">I am doing for location /, in that case how
will have to change the below portion.</div>
<div dir="auto"><br>
</div>
<div dir="auto">
<blockquote style="font-family:sans-serif">location
/downloads {<br>
alias /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite /downloads(.*) /noindex_downloads/<span class="m_4452609617193768251m_5572871855503829210money">$1</span> last;<br>
}<br>
}<br>
location /noindex_downloads/ {<br>
internal;<br>
alias /downloads/;<br>
}</blockquote>
</div>
<br>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, May 18, 2018, 11:10 PM Igor A.
Ippolitov <<a href="mailto:iippolitov@nginx.com" target="_blank">iippolitov@nginx.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_4452609617193768251m_5572871855503829210m_-372060805414186305moz-cite-prefix">Sathish,<br>
<br>
I made a couple of minor mistakes.<br>
<br>
Please, try following configuration:<br>
<br>
<blockquote type="cite"><br>
map $remote_addr $forbidlisting {<br>
default 1;<br>
1.1.1.1 0;<br>
}<br>
location /downloads {<br>
alias /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite /downloads(.*) /noindex_downloads/$1
last;<br>
}<br>
}<br>
location /noindex_downloads/ {<br>
internal;<br>
alias /downloads/;<br>
}</blockquote>
<br>
I tried it and it works for me.<br>
<br>
<br>
On 18.05.2018 16:01, Sathish Kumar wrote:<br>
</div>
<blockquote type="cite">
<div dir="auto">Hi,
<div dir="auto"><br>
<div dir="auto">Tried this option it throws
rewrite error and am not able to download file
from non whitelisted ip addresses.</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">ERROR:</div>
<div dir="auto">rewrite or internal redirection
cycle while processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: <a href="http://abc.com" rel="noreferrer" target="_blank">abc.com</a>,
request: "GET /Downloads/abcd/file.zip </div>
<div dir="auto"><br>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Fri, May 18, 2018, 8:17 PM Igor A.
Ippolitov <<a href="mailto:iippolitov@nginx.com" rel="noreferrer" target="_blank">iippolitov@nginx.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-cite-prefix">Hello,
guys.<br>
<br>
I think, you can try something like this:<br>
<br>
location = /downloads/ {<br>
root /downloads/;<br>
allow 1.1.1.1;<br>
autoindex on;<br>
}<br>
location /downloads/ {<br>
root /downloads/;<br>
}<br>
<br>
This will work nicely if you don't need
subdirectories.<br>
If you need those, you can use a rewrite like:<br>
<br>
map $remote_addr $forbidlisting {<br>
default 1;<br>
1.1.1.1 0;<br>
}<br>
location /downloads/ {<br>
root /downloads/;<br>
autoindex on;<br>
if ($forbidlisting) {<br>
rewrite /downloads(.*)
/noindex_downloads$1 last;<br>
}<br>
}<br>
location /noindex_downloads/ {<br>
internal;<br>
root /downloads/;<br>
}<br>
<br>
<br>
On 18.05.2018 14:17, Friscia, Michael wrote:<br>
</div>
<blockquote type="cite">
<div class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458WordSection1">
<p class="MsoNormal">I think you need to
change this a little</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal" style="margin-bottom:12.0pt">map
$remote_addr $allowed {<br>
default “off”;<br>
1.1.1.1 “on”;<br>
2.2.2.2 “on:;<br>
}</p>
<p class="MsoNormal" style="margin-bottom:12.0pt">and then in
in the download location block<br>
<br>
autoindex $allowed;</p>
<p class="MsoNormal">I use similar logic on
different variables and try at all costs
to avoid IF statements anywhere in the
configs.</p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">___________________________________________</span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Michael
Friscia</span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Office
of Communications</span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">Yale
School of Medicine</span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">(203)
737-7932 - office</span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a">(203)
931-5381 - mobile</span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;color:#44546a"><a href="http://web.yale.edu/" rel="noreferrer noreferrer" target="_blank"><span style="color:#44546a">http://web.yale.edu</span></a></span></p>
</div>
<p class="MsoNormal"> </p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From:
</span></b><span style="font-size:12.0pt;color:black">nginx
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx-bounces@nginx.org" rel="noreferrer noreferrer" target="_blank"><nginx-bounces@nginx.org></a>
on behalf of PRAJITH <a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-rfc2396E" href="mailto:prajithpalakkuda@gmail.com" rel="noreferrer noreferrer" target="_blank"><prajithpalakkuda@gmail.com></a><br>
<b>Reply-To: </b><a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" rel="noreferrer noreferrer" target="_blank">"nginx@nginx.org"</a>
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" rel="noreferrer noreferrer" target="_blank"><nginx@nginx.org></a><br>
<b>Date: </b>Friday, May 18, 2018 at
2:16 AM<br>
<b>To: </b><a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" rel="noreferrer noreferrer" target="_blank">"nginx@nginx.org"</a>
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-rfc2396E" href="mailto:nginx@nginx.org" rel="noreferrer noreferrer" target="_blank"><nginx@nginx.org></a><br>
<b>Subject: </b>Re: Nginx Directory
Listing - Restrict by IP Address</span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a name="m_4452609617193768251_m_5572871855503829210_m_-372060805414186305_m_503233695107463458__MailOriginalBody" rel="noreferrer noreferrer">Hi
Satish,</a></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span>There
are "if" constructs in nginx,
please check </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=" rel="noreferrer noreferrer" target="_blank"><span>http://nginx.org/r/if</span><span></span></a><span>.
if you want to allow multiple IP
addresses, it might be better
idea to use map. eg:<br>
<br>
map $remote_addr $allowed {<br>
default 0;<br>
1.1.1.1 1;<br>
2.2.2.2 1;<br>
}</span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span>and
then in in the download location
block<br>
<br>
if ($allowed = 1) {<br>
autoindex on;<br>
}</span></p>
</div>
<p class="MsoNormal"><span>Thanks,</span></p>
</div>
<p class="MsoNormal"><span>Prajith</span></p>
</div>
<div>
<p class="MsoNormal"><span> </span></p>
<div>
<p class="MsoNormal"><span>On 18 May
2018 at 05:35, Sathish Kumar <</span><a href="mailto:satcse88@gmail.com" rel="noreferrer noreferrer" target="_blank"><span>satcse88@gmail.com</span><span></span></a><span>>
wrote:</span></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Hi
Team,</span></span></p>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">We
have a requirement to allow
directory listing from few
servers and disallow from
other ip addresses and all IP
addresses should be able to
download all files inside the
directory.</span></span></p>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Can
somebody provide the correct
nginx config for the same.</span></span></p>
<pre style="background:#eff0f1;vertical-align:baseline;white-space:pre-wrap;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;max-height:600px;word-wrap:normal;overflow:auto;word-spacing:0px"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">location / {</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">root /downloads;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">autoindex on;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">allow 1.1.1.1;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">deny all;</span></code></span></pre>
<pre style="background:#eff0f1;vertical-align:baseline"><span><code><span style="font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#eff0f1">}</span></code></span></pre>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">If
I use the above config, only
on 1.1.1.1 IP address can
directory list from this
server and can file download
but from other IP addresses
download shows forbidden, due
to IP address restriction</span></span></p>
<p style="margin-right:0in;margin-bottom:12.0pt;margin-left:0in;background:white;vertical-align:baseline;font-variant-ligatures:normal;font-variant-caps:normal;text-decoration-style:initial;text-decoration-color:initial;font-variant-numeric:inherit;font-variant-east-asian:inherit;font-stretch:inherit;line-height:inherit;box-sizing:inherit;word-spacing:0px"><span><span style="font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729">Is
there a way to overcome this
issue, thanks.</span></span></p>
<p class="MsoNormal"><span><br clear="all">
</span></p>
<div>
<div>
<p class="MsoNormal"><span>Thanks
& Regards<br>
Sathish.V</span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span><br>
_______________________________________________<br>
nginx mailing list<br>
</span><a href="mailto:nginx@nginx.org" rel="noreferrer noreferrer" target="_blank"><span>nginx@nginx.org</span><span></span></a><span><br>
</span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=" rel="noreferrer noreferrer" target="_blank"><span>http://mailman.nginx.org/mailman/listinfo/nginx</span><span></span></a><span></span></p>
</blockquote>
</div>
<p class="MsoNormal"><span> </span></p>
</div>
</div>
<br>
<fieldset class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
nginx mailing list
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-abbreviated" href="mailto:nginx@nginx.org" rel="noreferrer noreferrer" target="_blank">nginx@nginx.org</a>
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305m_503233695107463458moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" rel="noreferrer
noreferrer" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote>
</div>
<br>
<fieldset class="m_4452609617193768251m_5572871855503829210m_-372060805414186305mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
nginx mailing list
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305moz-txt-link-abbreviated" href="mailto:nginx@nginx.org" rel="noreferrer" target="_blank">nginx@nginx.org</a>
<a class="m_4452609617193768251m_5572871855503829210m_-372060805414186305moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" rel="noreferrer" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote>
</div>
</div>
</div>
<br>
<fieldset class="m_4452609617193768251m_5572871855503829210mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
nginx mailing list
<a class="m_4452609617193768251m_5572871855503829210moz-txt-link-abbreviated" href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a>
<a class="m_4452609617193768251m_5572871855503829210moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div></blockquote></div>