ngx_http_access
Igor Sysoev
is at rambler-co.ru
Tue Feb 20 16:02:06 MSK 2007
On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:
> im trying to deny access to everything that it's a dir/vhost using the
> following config
>
> server {
> listen 192.168.2.1;
> server_name mysub.domain.tld;
>
> access_log /var/log/nginx/localhost.access_log main;
> error_log /var/log/nginx/localhost.error_log;
>
> root /var/www/localhost/htdocs/mysub.domain.tld;
> location / {
> allow 192.168.2.2;
> deny all;
> }
> location /nginx_status {
> stub_status on;
> access_log off;
> allow 127.0.0.1;
> deny all;
> }
> location ~ .php$ {
> include /etc/nginx/fastcgi_params;
> fastcgi_pass 127.0.0.1:1105;
> fastcgi_index index.php;
>
> # where the php files to pass to the listener.
> fastcgi_param SCRIPT_FILENAME
> /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;
> }
> }
>
>
> Now there are 2 problems
> - it only denies access to http://mysub.domain.tld/ if i connect from
> another host
> - if i connect from the right host when i try to access
> http://mysub.domain.tld/ it wants me to download or open a file... if i try
> http://mysub.domain.tld/index.php it works ok... same with
> http://mysub.domain.tld/myadmin for example still wants me to download/open
> file but works with http://mysub.domain.tld/myadmin/index.php
>
> i tried with location ~ .* also but i get the same result except that it
> correctly denies access to everything apparently... but i still can't see
> the site from an allowed ip
>
> What im doing wrong?
>
> location ~ .*
I can not understand the described situation, but if you want to deny
access to the whole site from anywhere except 192.168.2.2, then you should
set up access/deny rules at server level, and they will be inherited
to all locations.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list