allow/deny for a single location, with other location handler
Robert Bunting
robert at exoweb.net
Sun Feb 3 05:50:48 MSK 2008
Thanks Eden, I guess that way will allow me to put the minimum amount of
config in each location directive, at least.
So for the record, I ended up with:
server {
...
proxy_buffers ...;
proxy_set_header...;
... other global proxy options;
location / {
proxy_pass http://bella;
}
location /special_url/ {
allow 59.150.40.29;
deny all;
proxy_pass http://bella;
}
location /static/ {
...
}
}
Not so bad, as long as I don't have too many of these special
per-location rules.
thanks,
robert.
Eden Li wrote:
> proxy_* config declarations in the server block trickle down to location
> blocks.
>
> eg:
>
> proxy_set_header X-Forwarded-For $http_x_client_ip;
> ..
> location / { proxy_pass ...; } # (1)
> location /account/sync_profile/ { allow 59.150.40.29; deny all;
> proxy_pass ...; } # (2)
>
> both (1) and (2) will pass along the X-Client-IP header
>
> On Feb 2, 2008, at 11:04 AM, Robert Bunting wrote:
>
>> Hi,
>>
>> I'm using nginx to proxy through to apache, with a simple
>>
>> location / {
>> proxy_pass ...
>> }
>>
>> However, there is one location ( /account/sync_profile/) which I'd
>> like to restrict to just one IP address.
>>
>> If I add a location for that address,
>> location /account/sync_profile/ {
>> allow 59.150.40.29;
>> deny all;
>> }
>>
>> then of course it doesn't get handled by the proxy.
>>
>> I can't put an
>> if ($uri = /account/sync_profile) { allow 59.150.40.29; deny all; }
>> inside my main location, since allow, deny won't work there.
>>
>> I can't use a multi-level if;
>>
>> I suppose one solution would be to include the proxy config into the
>> restricted location as well, but this seems like unnecessarily verbose..
>>
>> Any ideas?
>>
>> thanks,
>> robert.
>>
>>
>>
>>
>
>
>
More information about the nginx
mailing list