Block extension for specified IP address
Francis Daly
francis at daoine.org
Tue Jan 5 18:07:06 UTC 2021
On Fri, Jan 01, 2021 at 02:54:21AM -0500, Dr_tux wrote:
Hi there,
> I'm stuck in this. I am open to your suggestions. Thank you.
Untested by me, but...
> I have a reverse proxy configuration as follows, I want to block exe
> extensions for requests from here. But it doesn't work. How can I do that ?
I would probably use "map" to set a variable $block_this_extension
to 1 or empty based on whatever part of the url is relevant to you --
perhaps match the end of $request_filename; perhaps look at $request_uri
or $document_uri.
And then, if the "ok" IP addresses are easy to list in a "map", set a
new variable $block_this_request based on $remote_addr to empty for the
"ok" addresses, defaulting to $block_this_extension.
And then just before the proxy_pass (or whatever you are trying to
protect), if $block_this_request is 1 (or: is not empty), return the
rejection code that you want.
(If the "ok" IP addresses are not easy to list in a map, then "geo"
can be used, but that becomes a little more fiddly, I think.)
http://nginx.org/r/map
Good luck with it,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list