ngx_http_access
Anonymous Coward
magasesti at gmail.com
Tue Feb 20 16:40:19 MSK 2007
oh, dumb me... i didn't knew you can setup access at server level
Anyway, the problem still persists if i want to deny access just to
http://sub.domain.tld/myadmin using this
location /myadmin {
allow 192.168.2.2;
deny all;
}
Ill try to explain again... with that config if a user let's say from
192.168.2.3 is trying to see http://sub.domain.tld/myadmin he gets access
denied which is OK... but if he tries
http://sub.domain.tld/myadmin/index.php he can see the site with no problem
(the problem with http://sub.domain.tld/ not working and
http://sub.domain.tld/index.php working was apparently from Firefox, fixed
after cleared the cache, weird tho')
i hope that was more clear :)
On 2/20/07, Igor Sysoev <is at rambler-co.ru> wrote:
>
> On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:
>
> > im trying to deny access to everything that it's a dir/vhost using the
> > following config
> >
> > server {
> > listen 192.168.2.1;
> > server_name mysub.domain.tld;
> >
> > access_log /var/log/nginx/localhost.access_log main;
> > error_log /var/log/nginx/localhost.error_log;
> >
> > root /var/www/localhost/htdocs/mysub.domain.tld;
> > location / {
> > allow 192.168.2.2;
> > deny all;
> > }
> > location /nginx_status {
> > stub_status on;
> > access_log off;
> > allow 127.0.0.1;
> > deny all;
> > }
> > location ~ .php$ {
> > include /etc/nginx/fastcgi_params;
> > fastcgi_pass 127.0.0.1:1105;
> > fastcgi_index index.php;
> >
> > # where the php files to pass to the listener.
> > fastcgi_param SCRIPT_FILENAME
> > /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;
> > }
> > }
> >
> >
> > Now there are 2 problems
> > - it only denies access to http://mysub.domain.tld/ if i connect from
> > another host
> > - if i connect from the right host when i try to access
> > http://mysub.domain.tld/ it wants me to download or open a file... if i
> try
> > http://mysub.domain.tld/index.php it works ok... same with
> > http://mysub.domain.tld/myadmin for example still wants me to
> download/open
> > file but works with http://mysub.domain.tld/myadmin/index.php
> >
> > i tried with location ~ .* also but i get the same result except that it
> > correctly denies access to everything apparently... but i still can't
> see
> > the site from an allowed ip
> >
> > What im doing wrong?
> >
> > location ~ .*
>
> I can not understand the described situation, but if you want to deny
> access to the whole site from anywhere except 192.168.2.2, then you should
> set up access/deny rules at server level, and they will be inherited
> to all locations.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20070220/318d3620/attachment.html>
More information about the nginx
mailing list