Allow/Deny rules in Location block

Ian Hobson hobson42 at gmail.com
Mon Jan 23 11:57:11 UTC 2023


Hi Sandeep,

I rather suspect that your top two CIDR allow lines are allowing too 
many people in.

Remove them, and check that only the last two lines are
allowed in.

Then create the two top addresses very carefully, and test.

1.2.3.4/8 allows all C level addresses of the format 1.*.*.* in. I think 
you need 1.2.3.4/24 which allows all of the format
1.2.3.*

Hope this helps.

Ian

On 23/01/2023 16:34, sandeep dubey wrote:
> Hello,
> 
> I am trying to restrict some Location block in my Nginx configuration to 
> specific IPs. Below are the changes I made -
> 
> Version: nginx:1.21.0
> 
>     location / {
>                  proxy_pass http://127.0.0.1:8080;
>              }
> 
>        location = /auth {
>                  proxy_pass http://127.0.0.1:8080;
>                  allow 1.2.3.4/8;
>                  allow 5.6.7.8/16;
>                  allow my.vpn.ip.here;
>                  allow my.public.ip.here;
>                  deny all;
>                  error_page 403 /usr/share/nginx/html/403.html;
>                  auth_basic "Administrator’s area";
>                  auth_basic_user_file /etc/nginx/.htpasswd;
>              }
> 
> Here, the deny rule is not working. Users are still able to access the 
> page publicly. Am I missing something?
> 
> -- 
> Regards,
> Sandeep

-- 
Ian Hobson
Tel (+66) 626 544 695
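
The prefix lengths discussed in this thread, worked through as an added example (not part of the original messages and not nginx code): it models first-match allow/deny evaluation with Python's `ipaddress` module and shows how many IPv4 addresses each `allow` line admits. The two single addresses are constructed stand-ins for the elided `my.vpn.ip.here` and `my.public.ip.here`, and the function names are hypothetical.

```python
import ipaddress

# Rules from the quoted /auth block, in order. The two single addresses are
# constructed stand-ins for the elided "my.vpn.ip.here" / "my.public.ip.here".
RULES_AS_POSTED = [
    ("allow", "1.2.3.4/8"),
    ("allow", "5.6.7.8/16"),
    ("allow", "203.0.113.10"),
    ("allow", "198.51.100.20"),
    ("deny", "all"),
]

# Same list with the first prefix narrowed to the /24 suggested in the reply.
RULES_NARROWED = [("allow", "1.2.3.4/24")] + RULES_AS_POSTED[1:]


def to_network(spec):
    """Parse an allow/deny argument; host bits below the prefix are masked off."""
    if spec == "all":
        return ipaddress.ip_network("0.0.0.0/0")  # IPv4-only model
    return ipaddress.ip_network(spec, strict=False)


def decide(rules, client_ip):
    """Return (action, matching rule); rules are checked in order, first match wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, spec in rules:
        if addr in to_network(spec):
            return action, spec
    return "allow", None  # nothing matched, so nothing blocks the request


def coverage(rules):
    """Return (rule, effective network, address count) for every allow rule."""
    return [(spec, str(to_network(spec)), to_network(spec).num_addresses)
            for action, spec in rules if action == "allow"]


if __name__ == "__main__":
    for name, rules in (("as posted", RULES_AS_POSTED), ("narrowed", RULES_NARROWED)):
        print(name)
        for spec, net, count in coverage(rules):
            print(f"  allow {spec:<15} -> {net:<17} {count:>10,} addresses")
        for ip in ("1.200.7.9", "1.2.3.77", "5.6.200.1", "8.8.8.8"):
            print(f"  {ip:<12} {decide(rules, ip)}")
```

Running the same check against the real addresses before reloading the configuration shows which clients each line lets through.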

