Nginx Directory Listing - Restrict by IP Address
Sathish Kumar
satcse88 at gmail.com
Sat May 19 01:39:03 UTC 2018
Hi Igor,
I tried your config and getting error, can you help me.
location / {
alias /downloads/;
root /data/files;
autoindex on;
if ($forbidlisting) {
rewrite ^/(.*) /noindex_root/$1 last;
}
}
location /noindex_root/ {
internal;
alias /downloads/;
}
nginx: [emerg] "root" directive is duplicate, "alias" directive was
specified earlier in domain.conf
Thanks & Regards
Sathish.V
On Sat, May 19, 2018 at 1:03 AM Igor A. Ippolitov <iippolitov at nginx.com>
wrote:
> This works for me:
>
>
> location / {
> alias /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite ^/(.*) /noindex_root/$1 last;
> }
> }
> location /noindex_root/ {
> internal;
> alias /downloads/;
> }
>
>
>
> On 18.05.2018 19:32, Sathish Kumar wrote:
>
> Hi,
>
> I am doing for location /, in that case how will have to change the below
> portion.
>
> location /downloads {
> alias /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite /downloads(.*) /noindex_downloads/$1 last;
> }
> }
> location /noindex_downloads/ {
> internal;
> alias /downloads/;
> }
>
>
>
> On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <iippolitov at nginx.com>
> wrote:
>
>> Sathish,
>>
>> I made a couple of minor mistakes.
>>
>> Please, try following configuration:
>>
>>
>> map $remote_addr $forbidlisting {
>> default 1;
>> 1.1.1.1 0;
>> }
>> location /downloads {
>> alias /downloads/;
>> autoindex on;
>> if ($forbidlisting) {
>> rewrite /downloads(.*) /noindex_downloads/$1 last;
>> }
>> }
>> location /noindex_downloads/ {
>> internal;
>> alias /downloads/;
>> }
>>
>>
>> I tried it and it works for me.
>>
>>
>> On 18.05.2018 16:01, Sathish Kumar wrote:
>>
>> Hi,
>>
>> Tried this option it throws rewrite error and am not able to download
>> file from non whitelisted ip addresses.
>>
>>
>> ERROR:
>> rewrite or internal redirection cycle while processing
>> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
>> client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip
>>
>>
>> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippolitov at nginx.com>
>> wrote:
>>
>>> Hello, guys.
>>>
>>> I think, you can try something like this:
>>>
>>> location = /downloads/ {
>>> root /downloads/;
>>> allow 1.1.1.1;
>>> autoindex on;
>>> }
>>> location /downloads/ {
>>> root /downloads/;
>>> }
>>>
>>> This will work nicely if you don't need subdirectories.
>>> If you need those, you can use a rewrite like:
>>>
>>> map $remote_addr $forbidlisting {
>>> default 1;
>>> 1.1.1.1 0;
>>> }
>>> location /downloads/ {
>>> root /downloads/;
>>> autoindex on;
>>> if ($forbidlisting) {
>>> rewrite /downloads(.*) /noindex_downloads$1 last;
>>> }
>>> }
>>> location /noindex_downloads/ {
>>> internal;
>>> root /downloads/;
>>> }
>>>
>>>
>>> On 18.05.2018 14:17, Friscia, Michael wrote:
>>>
>>> I think you need to change this a little
>>>
>>>
>>>
>>> map $remote_addr $allowed {
>>> default “off”;
>>> 1.1.1.1 “on”;
>>> 2.2.2.2 “on:;
>>> }
>>>
>>> and then in in the download location block
>>>
>>> autoindex $allowed;
>>>
>>> I use similar logic on different variables and try at all costs to avoid
>>> IF statements anywhere in the configs.
>>>
>>>
>>>
>>> ___________________________________________
>>>
>>> Michael Friscia
>>>
>>> Office of Communications
>>>
>>> Yale School of Medicine
>>>
>>> (203) 737-7932 - office
>>>
>>> (203) 931-5381 - mobile
>>>
>>> http://web.yale.edu
>>>
>>>
>>>
>>> *From: *nginx <nginx-bounces at nginx.org> <nginx-bounces at nginx.org> on
>>> behalf of PRAJITH <prajithpalakkuda at gmail.com>
>>> <prajithpalakkuda at gmail.com>
>>> *Reply-To: *"nginx at nginx.org" <nginx at nginx.org> <nginx at nginx.org>
>>> <nginx at nginx.org>
>>> *Date: *Friday, May 18, 2018 at 2:16 AM
>>> *To: *"nginx at nginx.org" <nginx at nginx.org> <nginx at nginx.org>
>>> <nginx at nginx.org>
>>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>>
>>>
>>>
>>> Hi Satish,
>>>
>>> There are "if" constructs in nginx, please check http://nginx.org/r/if
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
>>> if you want to allow multiple IP addresses, it might be better idea to use
>>> map. eg:
>>>
>>> map $remote_addr $allowed {
>>> default 0;
>>> 1.1.1.1 1;
>>> 2.2.2.2 1;
>>> }
>>>
>>> and then in in the download location block
>>>
>>> if ($allowed = 1) {
>>> autoindex on;
>>> }
>>>
>>> Thanks,
>>>
>>> Prajith
>>>
>>>
>>>
>>> On 18 May 2018 at 05:35, Sathish Kumar <satcse88 at gmail.com> wrote:
>>>
>>> Hi Team,
>>>
>>> We have a requirement to allow directory listing from few servers and
>>> disallow from other ip addresses and all IP addresses should be able to
>>> download all files inside the directory.
>>>
>>> Can somebody provide the correct nginx config for the same.
>>>
>>> location / {
>>>
>>> root /downloads;
>>>
>>> autoindex on;
>>>
>>> allow 1.1.1.1;
>>>
>>> deny all;
>>>
>>> }
>>>
>>> If I use the above config, only on 1.1.1.1 IP address can directory list
>>> from this server and can file download but from other IP addresses download
>>> shows forbidden, due to IP address restriction
>>>
>>> Is there a way to overcome this issue, thanks.
>>>
>>>
>>> Thanks & Regards
>>> Sathish.V
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing listnginx at nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>> _______________________________________________
>> nginx mailing listnginx at nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing listnginx at nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180519/a0770785/attachment-0001.html>
More information about the nginx
mailing list