Blocking all URIs except for one directory
Igal @ Lucee.org
igal at lucee.org
Fri Apr 28 03:25:36 UTC 2017
Maxim,
Thank you for your help, as always!
On 4/26/2017 5:50 AM, Maxim Dounin wrote:
> Hello!
>
> On Tue, Apr 25, 2017 at 12:50:24PM -0700, Igal @ Lucee.org wrote:
>
>> Hello,
>>
>> I want to secure a site using the allow/deny directives so that only
>> allowed networks will be able to access it. There is one "public"
>> directory, however, that I want to be accessible for everyone.
>>
>> nginx serves as a reverse proxy on that site, and requests for URIs that
>> end with the suffix ".cfm" are proxied to Tomcat.
>>
>> So I currently have something like:
>>
>> location / {
>> allow 10.0.0.0/24;
>> deny all;
>> }
>>
>> location /public/ {
>> allow all; # does that make sense?
>> }
>>
>> location ~ \.cfm$ {
>> ## proxy settings go here
>> }
>>
>> Keep in mind that .cfm scripts are both in /public/ as well as in other
>> directories.
>>
>> How can I achieve that?
> Try this instead:
>
> location / {
> allow ...
> deny all;
>
> location ~ \.cfm$ {
> ...
> }
> }
>
> location /public/ {
> # access allowed to all by default - unless there is
> # something restrictive defined on previous levels
>
> location ~ \.cfm$ {
> ...
> }
> }
>
> You may also find this talk interesting:
>
> https://youtu.be/YWRYbLKsS0I
>
Igal Sapir
Lucee Core Developer
Lucee.org <http://lucee.org/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170427/d7595abe/attachment.html>
More information about the nginx
mailing list