Blocking all URIs except for one directory

Igal @ Lucee.org igal at lucee.org
Fri Apr 28 03:25:36 UTC 2017


Maxim,

Thank you for your help, as always!

On 4/26/2017 5:50 AM, Maxim Dounin wrote:
> Hello!
>
> On Tue, Apr 25, 2017 at 12:50:24PM -0700, Igal @ Lucee.org wrote:
>
>> Hello,
>>
>> I want to secure a site using the allow/deny directives so that only
>> allowed networks will be able to access it.  There is one "public"
>> directory, however, that I want to be accessible for everyone.
>>
>> nginx serves as a reverse proxy on that site, and requests for URIs that
>> end with the suffix ".cfm" are proxied to Tomcat.
>>
>> So I currently have something like:
>>
>> location / {
>>       allow 10.0.0.0/24;
>>       deny all;
>> }
>>
>> location /public/ {
>>       allow all;    # does that make sense?
>> }
>>
>> location ~ \.cfm$ {
>>       ## proxy settings go here
>> }
>>
>> Keep in mind that .cfm scripts are both in /public/ as well as in other
>> directories.
>>
>> How can I achieve that?
> Try this instead:
>
>      location / {
>          allow ...
>          deny all;
>
>          location ~ \.cfm$ {
>              ...
>          }
>      }
>
>      location /public/ {
> 	# access allowed to all by default - unless there is
> 	# something restrictive defined on previous levels
>
>          location ~ \.cfm$ {
>              ...
>          }
>      }
>
> You may also find this talk interesting:
>
> https://youtu.be/YWRYbLKsS0I
>

Igal Sapir
Lucee Core Developer
Lucee.org <http://lucee.org/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170427/d7595abe/attachment.html>


More information about the nginx mailing list