ngx_http_access
Anonymous Coward
magasesti at gmail.com
Tue Feb 20 17:19:01 MSK 2007
oh i see
But using your location examples denies access only to /myadmin and
/myadmin/*.php files
and if i try /myadmin/important.txt or anything else i will see it even if
im not in the acl
So for my case to deny access to anything that resides in a folder
location ~ ^/directory/(.*) {
worked ok apparently (you still have to add fastcgi params if u need any php
files to work in that dir :P)
Thank you again Igor for a great software and support.
On 2/20/07, Igor Sysoev <is at rambler-co.ru> wrote:
>
> On Tue, Feb 20, 2007 at 03:40:19PM +0200, Anonymous Coward wrote:
>
> > oh, dumb me... i didn't knew you can setup access at server level
> >
> > Anyway, the problem still persists if i want to deny access just to
> > http://sub.domain.tld/myadmin using this
> >
> > location /myadmin {
> > allow 192.168.2.2;
> > deny all;
> > }
> >
> > Ill try to explain again... with that config if a user let's say from
> > 192.168.2.3 is trying to see http://sub.domain.tld/myadmin he gets
> access
> > denied which is OK... but if he tries
> > http://sub.domain.tld/myadmin/index.php he can see the site with no
> problem
> >
> > (the problem with http://sub.domain.tld/ not working and
> > http://sub.domain.tld/index.php working was apparently from Firefox,
> fixed
> > after cleared the cache, weird tho')
> >
> > i hope that was more clear :)
>
> See the order of location processing:
> http://wiki.codemongers.com/NginxHttpCoreModule#location
>
> You need something like this:
>
> location / {
> ...
> }
>
> location /myadmin { # static /myadmin files
> allow 192.168.2.2;
> deny all;
> ...
> }
>
> location ~ ^/myadmin/.+\.php$ {
> allow 192.168.2.2;
> deny all;
> ...
> fastcgi settings
> }
>
> location ~ .php$ {
> ...
> fastcgi settings
> }
>
>
>
> > On 2/20/07, Igor Sysoev <is at rambler-co.ru> wrote:
> > >
> > >On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:
> > >
> > >> im trying to deny access to everything that it's a dir/vhost using
> the
> > >> following config
> > >>
> > >> server {
> > >> listen 192.168.2.1;
> > >> server_name mysub.domain.tld;
> > >>
> > >> access_log /var/log/nginx/localhost.access_log
> main;
> > >> error_log /var/log/nginx/localhost.error_log;
> > >>
> > >> root /var/www/localhost/htdocs/mysub.domain.tld;
> > >> location / {
> > >> allow 192.168.2.2;
> > >> deny all;
> > >> }
> > >> location /nginx_status {
> > >> stub_status on;
> > >> access_log off;
> > >> allow 127.0.0.1;
> > >> deny all;
> > >> }
> > >> location ~ .php$ {
> > >> include /etc/nginx/fastcgi_params;
> > >> fastcgi_pass 127.0.0.1:1105;
> > >> fastcgi_index index.php;
> > >>
> > >> # where the php files to pass to the listener.
> > >> fastcgi_param SCRIPT_FILENAME
> > >> /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;
> > >> }
> > >> }
> > >>
> > >>
> > >> Now there are 2 problems
> > >> - it only denies access to http://mysub.domain.tld/ if i connect
> from
> > >> another host
> > >> - if i connect from the right host when i try to access
> > >> http://mysub.domain.tld/ it wants me to download or open a file... if
> i
> > >try
> > >> http://mysub.domain.tld/index.php it works ok... same with
> > >> http://mysub.domain.tld/myadmin for example still wants me to
> > >download/open
> > >> file but works with http://mysub.domain.tld/myadmin/index.php
> > >>
> > >> i tried with location ~ .* also but i get the same result except that
> it
> > >> correctly denies access to everything apparently... but i still can't
> > >see
> > >> the site from an allowed ip
> > >>
> > >> What im doing wrong?
> > >>
> > >> location ~ .*
> > >
> > >I can not understand the described situation, but if you want to deny
> > >access to the whole site from anywhere except 192.168.2.2, then you
> should
> > >set up access/deny rules at server level, and they will be inherited
> > >to all locations.
> > >
> > >
> > >--
> > >Igor Sysoev
> > >http://sysoev.ru/en/
> > >
> > >
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20070220/e3259949/attachment.html>
More information about the nginx
mailing list