Allow/Deny rules in Location block

sandeep dubey sandeep.sanash at gmail.com
Wed Jan 25 05:55:45 UTC 2023


Thanks Daniel for the reply.

I have attached my config file for reference in a previous reply.

On Wed, Jan 25, 2023 at 10:58 AM nanaya <me at nanaya.net> wrote:

> Just adding, if it's `location /auth {}`, it'll also match /autha, /authb,
> /authsomething/something, not just limited to /auth/*.
>
> On Wed, Jan 25, 2023, at 01:56, Reinis Rozitis wrote:
> >> There are other locations like /auth, /auth/, /auth/admin, /auth/admin/
> >> and few more which have the same rules. I am trying to restrict access to
> >> /auth and /auth/admin which are sensitive for public access. Do you think
> >> removing "=" can help in this case?
> >
> >
> > '=' in location definition means that nginx will use it only on exact
> > uri match.
> >
> > if you have location = /auth {} but client requests /auth/admin (unless
> > you have also location = /auth/admin) then that particular location
> > configuration won't be used and will match the 'location / {}' which in
> > your configuration sample was proxied without any deny rules.
> >
> > By removing the '=' it means all the /auth, /auth/* requests will be
> > processed in that location.
> >
> > Good to also check the documentation on it
> > http://nginx.org/en/docs/http/ngx_http_core_module.html#location
> >
> > rr
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > https://mailman.nginx.org/mailman/listinfo/nginx


-- 
Regards,
Sandeep
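
The matching behaviour discussed in this thread, as an added configuration example that is not part of the original messages or the poster's attached config. The upstream name, server name, and allowed network are constructed placeholders; the `^~` modifier goes slightly beyond what the thread covers and is noted in the comments.

```nginx
# Constructed example: backend_app, example.test and 192.0.2.0/24 are placeholders.
upstream backend_app {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name example.test;

    # Exact match: used only when the request URI is exactly "/auth".
    # /auth/ and /auth/admin do NOT land here.
    location = /auth {
        allow 192.0.2.0/24;
        deny  all;
        proxy_pass http://backend_app;
    }

    # Prefix match with a trailing slash: covers /auth/, /auth/admin,
    # /auth/admin/ and anything else below /auth/.
    # It does not cover /autha or /authsomething, which a bare
    # "location /auth { }" would also match.
    # "^~" stops nginx from checking regex locations once this prefix
    # is the longest match, so a later "location ~ ..." block cannot
    # take over these requests and skip the allow/deny rules.
    location ^~ /auth/ {
        allow 192.0.2.0/24;
        deny  all;
        proxy_pass http://backend_app;
    }

    # Catch-all: every URI not matched above is proxied without
    # access restrictions. With only "location = /auth" defined,
    # /auth/admin would fall through to this block.
    location / {
        proxy_pass http://backend_app;
    }
}
```

After loading a configuration like this, requesting /auth, /auth/admin and /autha from an address outside the allowed range should return 403 for the first two and a proxied response for the third.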