ngx_http_access
Igor Sysoev
is at rambler-co.ru
Tue Feb 20 16:52:53 MSK 2007
On Tue, Feb 20, 2007 at 03:40:19PM +0200, Anonymous Coward wrote:
> oh, dumb me... i didn't knew you can setup access at server level
>
> Anyway, the problem still persists if i want to deny access just to
> http://sub.domain.tld/myadmin using this
>
> location /myadmin {
> allow 192.168.2.2;
> deny all;
> }
>
> Ill try to explain again... with that config if a user let's say from
> 192.168.2.3 is trying to see http://sub.domain.tld/myadmin he gets access
> denied which is OK... but if he tries
> http://sub.domain.tld/myadmin/index.php he can see the site with no problem
>
> (the problem with http://sub.domain.tld/ not working and
> http://sub.domain.tld/index.php working was apparently from Firefox, fixed
> after cleared the cache, weird tho')
>
> i hope that was more clear :)
See the order of location processing:
http://wiki.codemongers.com/NginxHttpCoreModule#location
You need something like this:
location / {
...
}
location /myadmin { # static /myadmin files
allow 192.168.2.2;
deny all;
...
}
location ~ ^/myadmin/.+\.php$ {
allow 192.168.2.2;
deny all;
...
fastcgi settings
}
location ~ .php$ {
...
fastcgi settings
}
> On 2/20/07, Igor Sysoev <is at rambler-co.ru> wrote:
> >
> >On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:
> >
> >> im trying to deny access to everything that it's a dir/vhost using the
> >> following config
> >>
> >> server {
> >> listen 192.168.2.1;
> >> server_name mysub.domain.tld;
> >>
> >> access_log /var/log/nginx/localhost.access_log main;
> >> error_log /var/log/nginx/localhost.error_log;
> >>
> >> root /var/www/localhost/htdocs/mysub.domain.tld;
> >> location / {
> >> allow 192.168.2.2;
> >> deny all;
> >> }
> >> location /nginx_status {
> >> stub_status on;
> >> access_log off;
> >> allow 127.0.0.1;
> >> deny all;
> >> }
> >> location ~ .php$ {
> >> include /etc/nginx/fastcgi_params;
> >> fastcgi_pass 127.0.0.1:1105;
> >> fastcgi_index index.php;
> >>
> >> # where the php files to pass to the listener.
> >> fastcgi_param SCRIPT_FILENAME
> >> /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;
> >> }
> >> }
> >>
> >>
> >> Now there are 2 problems
> >> - it only denies access to http://mysub.domain.tld/ if i connect from
> >> another host
> >> - if i connect from the right host when i try to access
> >> http://mysub.domain.tld/ it wants me to download or open a file... if i
> >try
> >> http://mysub.domain.tld/index.php it works ok... same with
> >> http://mysub.domain.tld/myadmin for example still wants me to
> >download/open
> >> file but works with http://mysub.domain.tld/myadmin/index.php
> >>
> >> i tried with location ~ .* also but i get the same result except that it
> >> correctly denies access to everything apparently... but i still can't
> >see
> >> the site from an allowed ip
> >>
> >> What im doing wrong?
> >>
> >> location ~ .*
> >
> >I can not understand the described situation, but if you want to deny
> >access to the whole site from anywhere except 192.168.2.2, then you should
> >set up access/deny rules at server level, and they will be inherited
> >to all locations.
> >
> >
> >--
> >Igor Sysoev
> >http://sysoev.ru/en/
> >
> >
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list