Allow/Deny rules in Location block
sandeep dubey
sandeep.sanash at gmail.com
Wed Jan 25 05:54:42 UTC 2023
I have attached my config file which may help to understand it better. With
this change, I am getting "404 - Not Found" error and in log it says
[error] 11#11: *49 access forbidden by rule, client: 10.48.11.9, server: _,
request: "GET /auth/ HTTP/1.1", host: "my.domain.info", referrer: "
https://my.domain.info"
It seems that the rule is working but at some wrong place, I am not sure
how to organise or set the right sequence here.
On Tue, Jan 24, 2023 at 10:26 PM Reinis Rozitis <r at roze.lv> wrote:
> > There are other locations like /auth, /auth/, /auth/admin, /auth/admin/
> and few more which have the same rules. I am trying to restrict access to
> /auth and /auth/admin which are sensitive for public access. Do you think
> removing "=" can help in this case?
>
>
> '=' in location definition means that nginx will use it only on exact uri
> match.
>
> if you have location = /auth {} but client requests /auth/admin (unless
> you have also location = /auth/admin) then that particular location
> configuration won't be used and will match the 'location / {}' which in
> your configuration sample was proxied without any deny rules.
>
> By removing the '=' it means all the /auth, /auth/* requests will be
> processed in that location.
>
> Good to also check the documentation on it
> http://nginx.org/en/docs/http/ngx_http_core_module.html#location
>
> rr
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
--
Regards,
Sandeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230125/4b38bcfb/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ngxinx.conf
Type: application/octet-stream
Size: 4979 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230125/4b38bcfb/attachment.obj>
More information about the nginx
mailing list