| From | Sent On | Attachments |
|---|---|---|
| Anonymous Coward | Feb 20, 2007 4:38 am | |
| Igor Sysoev | Feb 20, 2007 5:01 am | |
| Anonymous Coward | Feb 20, 2007 5:39 am | |
| Anonymous Coward | Feb 20, 2007 5:42 am | |
| Igor Sysoev | Feb 20, 2007 5:52 am | |
| Anonymous Coward | Feb 20, 2007 6:18 am | |
| Igor Sysoev | Feb 20, 2007 6:30 am | |

| Subject: | Re: ngx_http_access | |
|---|---|---|
| From: | Anonymous Coward (maga...@public.gmane.org) | |
| Date: | Feb 20, 2007 6:18:38 am | |
| List: | ru.sysoev.nginx | |
Oh, I see.
But using your location examples denies access only to /myadmin and /myadmin/*.php files, and if I try /myadmin/important.txt or anything else I will see it even if I'm not in the ACL.
So for my case, to deny access to anything that resides in a folder,

    location ~ ^/directory/(.*) {

worked OK apparently (you still have to add fastcgi params if you need any PHP files to work in that dir :P)
Thank you again, Igor, for great software and support.
On 2/20/07, Igor Sysoev <is-G...@public.gmane.org> wrote:
On Tue, Feb 20, 2007 at 03:40:19PM +0200, Anonymous Coward wrote:
Oh, dumb me... I didn't know you can set up access at server level.
Anyway, the problem still persists if I want to deny access just to http://sub.domain.tld/myadmin using this:

    location /myadmin {
        allow 192.168.2.2;
        deny all;
    }

I'll try to explain again... With that config, if a user, let's say from 192.168.2.3, is trying to see http://sub.domain.tld/myadmin he gets access denied, which is OK... but if he tries http://sub.domain.tld/myadmin/index.php he can see the site with no problem.
(The problem with http://sub.domain.tld/ not working and http://sub.domain.tld/index.php working was apparently from Firefox, fixed after clearing the cache, weird though.)
I hope that was more clear :)
See the order of location processing: http://wiki.codemongers.com/NginxHttpCoreModule#location
You need something like this:

    location / {
        ...
    }
    location /myadmin {
        # static /myadmin files
        allow 192.168.2.2;
        deny all;
        ...
    }
    location ~ ^/myadmin/.+\.php$ {
        allow 192.168.2.2;
        deny all;
        ... fastcgi settings
    }
    location ~ .php$ {
        ... fastcgi settings
    }

On 2/20/07, Igor Sysoev <is-G...@public.gmane.org> wrote:
On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:
I'm trying to deny access to everything that's a dir/vhost using the following config:

    server {
        listen 192.168.2.1;
        server_name mysub.domain.tld;
        access_log /var/log/nginx/localhost.access_log main;
        error_log /var/log/nginx/localhost.error_log;
        root /var/www/localhost/htdocs/mysub.domain.tld;
        location / {
            allow 192.168.2.2;
            deny all;
        }
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            deny all;
        }
        location ~ .php$ {
            include /etc/nginx/fastcgi_params;
            fastcgi_pass 127.0.0.1:1105;
            fastcgi_index index.php;
            # where the php files to pass to the listener.
            fastcgi_param SCRIPT_FILENAME /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;
        }
    }

Now there are 2 problems: it only denies access to http://mysub.domain.tld/ if I connect from another host; if I connect from the right host, when I try to access http://mysub.domain.tld/ it wants me to download or open a file... If I try http://mysub.domain.tld/index.php it works OK... Same with http://mysub.domain.tld/myadmin, for example: it still wants me to download/open a file, but it works with http://mysub.domain.tld/myadmin/index.php
I tried with location ~ .* also, but I get the same result, except that it correctly denies access to everything apparently... but I still can't see the site from an allowed IP.
What am I doing wrong?
location ~ .*
I cannot understand the described situation, but if you want to deny access to the whole site from anywhere except 192.168.2.2, then you should set up access/deny rules at server level, and they will be inherited by all locations.
-- Igor Sysoev http://sysoev.ru/en/
-- Igor Sysoev http://sysoev.ru/en/
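
A small model of nginx's location selection, added here as an illustration and not part of the thread or of nginx itself: it shows why the allow/deny rules in a prefix location are skipped when a regex location such as `~ .php$` also matches the request. The function and list names are made up for this example; it also handles `=` and `^~`, which the thread does not use, and it ignores nested and named locations.

```python
import re

def select_location(locations, uri):
    """Pick the location nginx would use for `uri`.

    `locations` is a list of (modifier, pattern) in config order, where the
    modifier is "" (plain prefix), "=", "^~", "~" or "~*".
    """
    best = None  # longest matching prefix location seen so far
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return f"= {pat}"          # exact match ends the search at once
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    if best and best[0] == "^~":
        return f"^~ {best[1]}"         # ^~ skips the regex pass entirely
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return f"{mod} {pat}"  # first matching regex wins over prefix
    return best[1] if best else None

# Constructed from the snippets in the thread (block bodies omitted).
REPORTED = [("", "/"), ("", "/myadmin"), ("~", r".php$")]
SUGGESTED = [("", "/"), ("", "/myadmin"),
             ("~", r"^/myadmin/.+\.php$"), ("~", r".php$")]
# Locations whose block carries "allow 192.168.2.2; deny all;".
GUARDED = {"/myadmin", r"~ ^/myadmin/.+\.php$"}

def acl_applies(locations, uri):
    """True if the request lands in a location that has the allow/deny rules."""
    return select_location(locations, uri) in GUARDED

if __name__ == "__main__":
    for name, conf in (("reported", REPORTED), ("suggested", SUGGESTED)):
        for uri in ("/myadmin", "/myadmin/index.php",
                    "/myadmin/important.txt", "/index.php"):
            print(f"{name:9} {uri:24} -> {select_location(conf, uri)!r:26}"
                  f" acl={acl_applies(conf, uri)}")
```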





