Nginx Directory Listing - Restrict by IP Address

Igor A. Ippolitov iippolitov at nginx.com
Fri May 18 12:17:12 UTC 2018


Hello, guys.

I think, you can try something like this:

location = /downloads/ {
     root /downloads/;
     allow 1.1.1.1;
     autoindex on;
}
location /downloads/ {
     root /downloads/;
}

This will work nicely if you don't need subdirectories.
If you need those, you can use a rewrite like:

map $remote_addr $forbidlisting {
     default 1;
     1.1.1.1 0;
}
location /downloads/ {
     root /downloads/;
     autoindex on;
     if ($forbidlisting) {
         rewrite /downloads(.*) /noindex_downloads$1 last;
     }
}
location /noindex_downloads/ {
     internal;
     root /downloads/;
}


On 18.05.2018 14:17, Friscia, Michael wrote:
>
> I think you need to change this a little
>
> map $remote_addr $allowed {
>     default         “off”;
>     1.1.1.1         “on”;
>     2.2.2.2         “on:;
> }
>
> and then in in the download location block
>
>  autoindex $allowed;
>
> I use similar logic on different variables and try at all costs to 
> avoid IF statements anywhere in the configs.
>
> ___________________________________________
>
> Michael Friscia
>
> Office of Communications
>
> Yale School of Medicine
>
> (203) 737-7932 - office
>
> (203) 931-5381 - mobile
>
> http://web.yale.edu <http://web.yale.edu/>
>
> *From: *nginx <nginx-bounces at nginx.org> on behalf of PRAJITH 
> <prajithpalakkuda at gmail.com>
> *Reply-To: *"nginx at nginx.org" <nginx at nginx.org>
> *Date: *Friday, May 18, 2018 at 2:16 AM
> *To: *"nginx at nginx.org" <nginx at nginx.org>
> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>
> Hi Satish,
>
> There are "if" constructs in nginx, please check 
> http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>. 
> if you want to allow multiple IP addresses, it might be better idea to 
> use map. eg:
>
> map $remote_addr $allowed {
>     default         0;
>     1.1.1.1         1;
>     2.2.2.2         1;
> }
>
> and then in in the download location block
>
>  if ($allowed = 1) {
>         autoindex on;
> }
>
> Thanks,
>
> Prajith
>
> On 18 May 2018 at 05:35, Sathish Kumar 
> <satcse88 at gmail.com<mailto:satcse88 at gmail.com>> wrote:
>
>     Hi Team,
>
>     We have a requirement to allow directory listing from few servers
>     and disallow from other ip addresses and all IP addresses should
>     be able to download all files inside the directory.
>
>     Can somebody provide the correct nginx config for the same.
>
>     |location / {|
>
>     |root /downloads;|
>
>     |autoindex on;|
>
>     |allow 1.1.1.1;|
>
>     |deny all;|
>
>     |}|
>
>     If I use the above config, only on 1.1.1.1 IP address can
>     directory list from this server and can file download but from
>     other IP addresses download shows forbidden, due to IP address
>     restriction
>
>     Is there a way to overcome this issue, thanks.
>
>
>     Thanks & Regards
>     Sathish.V
>
>
>     _______________________________________________
>     nginx mailing list
>     nginx at nginx.org<mailto:nginx at nginx.org>
>     http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180518/084cce11/attachment.html>


More information about the nginx mailing list