Allow/Deny rules in Location block
Ian Hobson
hobson42 at gmail.com
Mon Jan 23 11:57:11 UTC 2023
Hi Sandeep,
I rather suspect that your top two CIDR allow lines are allowing too
many people in.
Remove them, and check that only the last two lines are
allowed in.
Then create the two top addresses very carefully, and test.
1.2.3.4/8 allows all C level addresses of the format 1.*.*.* in. I think
you need 1.2.3.4/24 which allows all of the format
1.2.3.*
Hope this helps.
Ian
On 23/01/2023 16:34, sandeep dubey wrote:
> Hello,
>
> I am trying to restrict some Location block in my Nginx configuration to
> specific IPs. Below are the changes I made -
>
> Version: nginx:1.21.0
>
> location / {
> proxy_pass http://127.0.0.1:8080 <http://127.0.0.1:8080>;
> }
>
> location = /auth {
> proxy_pass http://127.0.0.1:8080 <http://127.0.0.1:8080>;
> allow 1.2.3.4/8 <http://1.2.3.4/8>;
> allow 5.6.7.8/16 <http://5.6.7.8/16>;
> allow my.vpn.ip.here;
> allow my.public.ip.here;
> deny all;
> error_page 403 /usr/share/nginx/html/403.html;
> auth_basic "Administrator’s area";
> auth_basic_user_file /etc/nginx/.htpasswd;
> }
>
> Here, the deny rule is not working. Users are still able to access the
> page publicly. Am I missing something?
>
> --
> Regards,
> Sandeep
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
--
Ian Hobson
Tel (+66) 626 544 695
More information about the nginx
mailing list