Nginx Directory Listing - Restrict by IP Address

Igor A. Ippolitov iippolitov at nginx.com
Fri May 18 15:10:06 UTC 2018


Sathish,

I made a couple of minor mistakes.

Please, try following configuration:

>
> map $remote_addr $forbidlisting {
>     default 1;
>     1.1.1.1 0;
> }
> location /downloads {
>     alias /downloads/;
>     autoindex on;
>     if ($forbidlisting) {
>         rewrite /downloads(.*) /noindex_downloads/$1 last;
>     }
> }
> location /noindex_downloads/ {
>     internal;
>     alias /downloads/;
> }

I tried it and it works for me.


On 18.05.2018 16:01, Sathish Kumar wrote:
> Hi,
>
> Tried this option it throws rewrite error and am not able to download 
> file from non whitelisted ip addresses.
>
>
> ERROR:
> rewrite or internal redirection cycle while processing 
> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", 
> client: 3.3.3.3, server: abc.com <http://abc.com>, request: "GET 
> /Downloads/abcd/file.zip
>
>
> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippolitov at nginx.com 
> <mailto:iippolitov at nginx.com>> wrote:
>
>     Hello, guys.
>
>     I think, you can try something like this:
>
>     location = /downloads/ {
>         root /downloads/;
>         allow 1.1.1.1;
>         autoindex on;
>     }
>     location /downloads/ {
>         root /downloads/;
>     }
>
>     This will work nicely if you don't need subdirectories.
>     If you need those, you can use a rewrite like:
>
>     map $remote_addr $forbidlisting {
>         default 1;
>         1.1.1.1 0;
>     }
>     location /downloads/ {
>         root /downloads/;
>         autoindex on;
>         if ($forbidlisting) {
>             rewrite /downloads(.*) /noindex_downloads$1 last;
>         }
>     }
>     location /noindex_downloads/ {
>         internal;
>         root /downloads/;
>     }
>
>
>     On 18.05.2018 14:17, Friscia, Michael wrote:
>>
>>     I think you need to change this a little
>>
>>     map $remote_addr $allowed {
>>         default         “off”;
>>         1.1.1.1         “on”;
>>         2.2.2.2         “on:;
>>     }
>>
>>     and then in in the download location block
>>
>>      autoindex $allowed;
>>
>>     I use similar logic on different variables and try at all costs
>>     to avoid IF statements anywhere in the configs.
>>
>>     ___________________________________________
>>
>>     Michael Friscia
>>
>>     Office of Communications
>>
>>     Yale School of Medicine
>>
>>     (203) 737-7932 - office
>>
>>     (203) 931-5381 - mobile
>>
>>     http://web.yale.edu <http://web.yale.edu/>
>>
>>     *From: *nginx <nginx-bounces at nginx.org>
>>     <mailto:nginx-bounces at nginx.org> on behalf of PRAJITH
>>     <prajithpalakkuda at gmail.com> <mailto:prajithpalakkuda at gmail.com>
>>     *Reply-To: *"nginx at nginx.org" <mailto:nginx at nginx.org>
>>     <nginx at nginx.org> <mailto:nginx at nginx.org>
>>     *Date: *Friday, May 18, 2018 at 2:16 AM
>>     *To: *"nginx at nginx.org" <mailto:nginx at nginx.org>
>>     <nginx at nginx.org> <mailto:nginx at nginx.org>
>>     *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>
>>     Hi Satish,
>>
>>     There are "if" constructs in nginx, please check
>>     http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
>>     if you want to allow multiple IP addresses, it might be better
>>     idea to use map. eg:
>>
>>     map $remote_addr $allowed {
>>         default         0;
>>         1.1.1.1         1;
>>         2.2.2.2         1;
>>     }
>>
>>     and then in in the download location block
>>
>>      if ($allowed = 1) {
>>             autoindex on;
>>     }
>>
>>     Thanks,
>>
>>     Prajith
>>
>>     On 18 May 2018 at 05:35, Sathish Kumar
>>     <satcse88 at gmail.com<mailto:satcse88 at gmail.com>> wrote:
>>
>>         Hi Team,
>>
>>         We have a requirement to allow directory listing from few
>>         servers and disallow from other ip addresses and all IP
>>         addresses should be able to download all files inside the
>>         directory.
>>
>>         Can somebody provide the correct nginx config for the same.
>>
>>         |location / {|
>>
>>         |root /downloads;|
>>
>>         |autoindex on;|
>>
>>         |allow 1.1.1.1;|
>>
>>         |deny all;|
>>
>>         |}|
>>
>>         If I use the above config, only on 1.1.1.1 IP address can
>>         directory list from this server and can file download but
>>         from other IP addresses download shows forbidden, due to IP
>>         address restriction
>>
>>         Is there a way to overcome this issue, thanks.
>>
>>
>>         Thanks & Regards
>>         Sathish.V
>>
>>
>>         _______________________________________________
>>         nginx mailing list
>>         nginx at nginx.org<mailto:nginx at nginx.org>
>>         http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
>>
>>
>>
>>     _______________________________________________
>>     nginx mailing list
>>     nginx at nginx.org <mailto:nginx at nginx.org>
>>     http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>     _______________________________________________
>     nginx mailing list
>     nginx at nginx.org <mailto:nginx at nginx.org>
>     http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180518/eeabeb30/attachment-0001.html>


More information about the nginx mailing list