ngx_http_access

Igor Sysoev is at rambler-co.ru
Tue Feb 20 16:02:06 MSK 2007


On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:

> im trying to deny access to everything that it's a dir/vhost using the
> following config
> 
>        server {
>                listen          192.168.2.1;
>                server_name     mysub.domain.tld;
> 
>                access_log      /var/log/nginx/localhost.access_log main;
>                error_log       /var/log/nginx/localhost.error_log;
> 
>                root /var/www/localhost/htdocs/mysub.domain.tld;
>        location / {
>                allow 192.168.2.2;
>                deny all;
>                }
>        location /nginx_status {
>                stub_status on;
>                access_log   off;
>                allow 127.0.0.1;
>                deny all;
>                }
>        location ~ .php$ {
>                include /etc/nginx/fastcgi_params;
>                fastcgi_pass   127.0.0.1:1105;
>                fastcgi_index  index.php;
> 
>            # where the php files to pass to the listener.
>                fastcgi_param  SCRIPT_FILENAME
> /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;
>                }
>        }
> 
> 
> Now there are 2 problems
> - it only denies access to http://mysub.domain.tld/  if i connect from
> another host
> - if i connect from the right host when i try to access
> http://mysub.domain.tld/ it wants me to download or open a file... if i try
> http://mysub.domain.tld/index.php it works ok... same with
> http://mysub.domain.tld/myadmin for example still wants me to download/open
> file but works with http://mysub.domain.tld/myadmin/index.php
> 
> i tried with location ~ .* also but i get the same result except that it
> correctly denies access to everything apparently... but i still can't see
> the site from an allowed ip
> 
> What im doing wrong?
> 
> location ~ .*

I can not understand the described situation, but if you want to deny
access to the whole site from anywhere except 192.168.2.2, then you should
set up access/deny rules at server level, and they will be inherited
to all locations.


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list