allow/deny for a single location, with other location handler

Eden Li eden at mojiti.com
Sun Feb 3 04:18:18 MSK 2008


proxy_* config declarations in the server block trickle down to  
location blocks.

eg:

proxy_set_header X-Forwarded-For $http_x_client_ip;
..
location / { proxy_pass ...; } # (1)
location /account/sync_profile/ { allow 59.150.40.29; deny all;  
proxy_pass ...; } # (2)

both (1) and (2) will pass along the X-Client-IP header

On Feb 2, 2008, at 11:04 AM, Robert Bunting wrote:

> Hi,
>
> I'm using nginx to proxy through to apache, with a simple
>
>    location / {
>        proxy_pass ...
>    }
>
> However, there is one location ( /account/sync_profile/) which I'd  
> like to restrict to just one IP address.
>
> If I add a location for that address,
> location /account/sync_profile/ {
>    allow 59.150.40.29;
>    deny all;
> }
>
> then of course it doesn't get handled by the proxy.
>
> I can't put an
> if ($uri = /account/sync_profile) { allow 59.150.40.29; deny all; }
> inside my main location, since allow, deny won't work there.
>
> I can't use a multi-level if;
>
> I suppose one solution would be to include the proxy config into the  
> restricted location as well, but this seems like unnecessarily  
> verbose..
>
> Any ideas?
>
> thanks,
> robert.
>
>
>
>






More information about the nginx mailing list