Allow and Deny IP's

Francis Daly francis at daoine.org
Tue Feb 6 23:56:34 UTC 2018


On Tue, Feb 06, 2018 at 01:02:22AM +0100, Ph. Gras wrote:

Hi there,

> location ~* wp-login\.php$ {

> 185.124.153.168 - - [05/Feb/2018:21:36:12 +0100] "GET /wp-login.php HTTP/1.1" 200 1300 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"

> Me too :-(

Have you any reason to believe that this location is used to handle this request?

$ nginx -T | grep 'server\|location'

will possibly give a useful hint in that direction.

For what it is worth, if I use:

==
server {
  listen 8888;
  location /x/ {
    allow 127.0.0.1;
    deny all;
  }
}
==

then

$ curl -i http://127.0.0.1:8888/x/

gives me http 200 (html/x/index.html exists), while

$ curl -i http://127.0.0.2:8888/x/

gives me http 403.

So - "works for me". What do you see, when you test that?

What parts of your current config do you have to add, in order for that
test to fail for you?

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list