<div dir="ltr"><div>Thanks Ian for the reply. <br></div><div>I did it because the container was failing to start with the error below, will restrict that too. - <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>[error] 7#7: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 10.10.0.38, server: _, request: "GET /api/saml-links HTTP/1.1", upstream: "<a href="http://127.0.0.1:8000/api/saml-links">http://127.0.0.1:8000/api/saml-links</a>", host: "<a href="http://10.18.9.132:80">10.18.9.132:80</a>"</div></blockquote></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 23, 2023 at 5:27 PM Ian Hobson <<a href="mailto:hobson42@gmail.com">hobson42@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Sandeep,<br>
<br>
I rather suspect that your top two CIDR allow lines are allowing too <br>
many people in.<br>
<br>
Remove them, and check that only the last two lines are<br>
allowed in.<br>
<br>
Then create the two top addresses very carefully, and test.<br>
<br>
1.2.3.4/8 allows all C level addresses of the format 1.*.*.* in. I think <br>
you need 1.2.3.4/24 which allows all of the format<br>
1.2.3.*<br>
<br>
Hope this helps.<br>
<br>
Ian<br>
<br>
On 23/01/2023 16:34, sandeep dubey wrote:<br>
> Hello,<br>
> <br>
> I am trying to restrict some Location block in my Nginx configuration to <br>
> specific IPs. Below are the changes I made -<br>
> <br>
> Version: nginx:1.21.0<br>
> <br>
> location / {<br>
> proxy_pass http://127.0.0.1:8080;<br>
> }<br>
> <br>
> location = /auth {<br>
> proxy_pass http://127.0.0.1:8080;<br>
> allow 1.2.3.4/8;<br>
> allow 5.6.7.8/16;<br>
> allow my.vpn.ip.here;<br>
> allow my.public.ip.here;<br>
> deny all;<br>
> error_page 403 /usr/share/nginx/html/403.html;<br>
> auth_basic "Administrator’s area";<br>
> auth_basic_user_file /etc/nginx/.htpasswd;<br>
> }<br>
> <br>
> Here, the deny rule is not working. Users are still able to access the <br>
> page publicly. Am I missing something?<br>
> <br>
> -- <br>
> Regards,<br>
> Sandeep<br>
> <br>
> _______________________________________________<br>
> nginx mailing list<br>
> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
> <a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
<br>
-- <br>
Ian Hobson<br>
Tel (+66) 626 544 695<br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Regards,<div>Sandeep</div></div></div>
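<div>The /8 versus /24 point from this thread, as an added example that is not part of the original messages: a small Python model of first-match allow/deny evaluation over the rules quoted above, showing how many IPv4 clients each prefix length admits. The two single-address placeholders from the post are replaced with constructed documentation addresses, and the helper names are hypothetical.</div>

```python
import ipaddress

# Rules from the quoted "location = /auth" block, in order. The access
# module checks rules sequentially and the first match decides.
# 203.0.113.10 and 198.51.100.20 are constructed stand-ins for
# my.vpn.ip.here and my.public.ip.here.
RULES_AS_POSTED = [
    ("allow", "1.2.3.4/8"),
    ("allow", "5.6.7.8/16"),
    ("allow", "203.0.113.10"),
    ("allow", "198.51.100.20"),
    ("deny", "all"),
]

# Same list with the first prefix narrowed to /24 as suggested in the reply.
# The second rule is left as posted.
RULES_TIGHTENED = [("allow", "1.2.3.4/24")] + RULES_AS_POSTED[1:]


def network_of(spec):
    """Parse an address or CIDR; host bits below the mask are ignored."""
    return ipaddress.ip_network(spec, strict=False)


def decide(rules, client):
    """Return 'allow' or 'deny' for a client IP using first-match order."""
    addr = ipaddress.ip_address(client)
    for action, spec in rules:
        if spec == "all" or addr in network_of(spec):
            return action
    return "allow"  # no rule matched, so nothing restricts the request


def allowed_count(rules):
    """Count distinct addresses covered by the allow rules.

    Valid for lists like the ones above, where the only deny is a
    trailing 'deny all'.
    """
    nets = [network_of(spec) for action, spec in rules if action == "allow"]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))


if __name__ == "__main__":
    for name, rules in (("as posted", RULES_AS_POSTED),
                        ("tightened", RULES_TIGHTENED)):
        print(name, allowed_count(rules), "addresses allowed")
        for client in ("1.2.3.77", "1.200.9.9", "8.8.8.8"):
            print("  ", client, "->", decide(rules, client))
```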