Allow/Deny rules in Location block

nanaya me at nanaya.net
Wed Jan 25 05:27:06 UTC 2023


Just adding, if it's `location /auth {}`, it'll also match /autha, /authb, /authsomething/something, not just limited to /auth/*.

On Wed, Jan 25, 2023, at 01:56, Reinis Rozitis wrote:
>> There are other locations like /auth, /auth/, /auth/admin, /auth/admin/ and a few more which have the same rules. I am trying to restrict access to /auth and /auth/admin which are sensitive for public access. Do you think removing "=" can help in this case?
>
>
> '=' in a location definition means that nginx will use it only on an exact URI match.
>
> If you have location = /auth {} but a client requests /auth/admin (unless 
> you have also location = /auth/admin) then that particular location 
> configuration won't be used and will match the 'location / {}' which in 
> your configuration sample was proxied without any deny rules.
>
> By removing the '=' it means all the /auth, /auth/* requests will be 
> processed in that location.
>
> Good to also check the documentation on it 
> http://nginx.org/en/docs/http/ngx_http_core_module.html#location
>
> rr
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
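
The matching behaviour discussed in this thread, as an added configuration example that is not from the original posts: an exact-match block for /auth plus a prefix block ending in a slash restricts /auth and everything under /auth/ without also catching /autha or /authsomething. The 192.0.2.0/24 range and the 127.0.0.1:8080 backend are constructed placeholders.

```nginx
# Added example, not the poster's configuration.
# 192.0.2.0/24 and 127.0.0.1:8080 are placeholder values.
server {
    listen 80;

    # Too narrow on its own: "=" matches only the URI /auth.
    # /auth/ and /auth/admin would fall through to "location /".
    location = /auth {
        allow 192.0.2.0/24;
        deny  all;
        proxy_pass http://127.0.0.1:8080;
    }

    # Prefix match with a trailing slash: covers /auth/, /auth/admin,
    # /auth/admin/ and anything deeper, but not /autha or /authb.
    location /auth/ {
        allow 192.0.2.0/24;
        deny  all;
        proxy_pass http://127.0.0.1:8080;
    }

    # Too broad if sibling paths must stay public: a bare prefix
    # "location /auth { ... }" would also match /autha, /authb and
    # /authsomething/something, as noted in the reply above.

    # Everything else is proxied without access rules.
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

If the server also defines regular-expression locations, a matching regex is preferred over the plain `/auth/` prefix block; writing it as `location ^~ /auth/` stops nginx from checking regexes for those URIs.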

