Blocking all URIs except for one directory
Maxim Dounin
mdounin at mdounin.ru
Wed Apr 26 12:50:56 UTC 2017
Hello!
On Tue, Apr 25, 2017 at 12:50:24PM -0700, Igal @ Lucee.org wrote:
> Hello,
>
> I want to secure a site using the allow/deny directives so that only
> allowed networks will be able to access it. There is one "public"
> directory, however, that I want to be accessible for everyone.
>
> nginx serves as a reverse proxy on that site, and requests for URIs that
> end with the suffix ".cfm" are proxied to Tomcat.
>
> So I currently have something like:
>
> location / {
> allow 10.0.0.0/24;
> deny all;
> }
>
> location /public/ {
> allow all; # does that make sense?
> }
>
> location ~ \.cfm$ {
> ## proxy settings go here
> }
>
> Keep in mind that .cfm scripts are both in /public/ as well as in other
> directories.
>
> How can I achieve that?
Try this instead:
location / {
allow ...
deny all;
location ~ \.cfm$ {
...
}
}
location /public/ {
# access allowed to all by default - unless there is
# something restrictive defined on previous levels
location ~ \.cfm$ {
...
}
}
You may also find this talk interesting:
https://youtu.be/YWRYbLKsS0I
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list