Allow/Deny rules in Location block

sandeep dubey sandeep.sanash at gmail.com
Tue Jan 24 05:40:57 UTC 2023


Thanks Reinis for the reply,

There are other locations like /auth, /auth/, /auth/admin, /auth/admin/ and
few more which have the same rules. I am trying to restrict access to /auth
and /auth/admin which are sensitive for public access. Do you think
removing "=" can help in this case?

On Mon, Jan 23, 2023 at 6:08 PM Reinis Rozitis <r at roze.lv> wrote:

> > I am trying to restrict some Location block in my Nginx configuration to
> > specific IPs. Below are the changes I made -
> >
> >        location = /auth {
> >              }
> >
> > Here, the deny rule is not working. Users are still able to access the
> > page publicly. Am I missing something?
>
> Are you sure that the request is exactly /auth since anything else like
> /auth/ or /auth/something will land in the first location block without any
> restrictions defined.
> Try to remove the '=' and see if it works then.
>
> rr
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>


-- 
Regards,
Sandeep
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20230124/d42ae26c/attachment.htm>


More information about the nginx mailing list