Nginx - Block access to portion of path only, to all but specified IP range

Question

I'm trying block access to a portion of a path via Nginx, unless the source IP is within a specified range.

I think I've got this mostly working through much trial and error, but I seem to run into trouble when the path contains query strings:

Shouldn't work (unless within specified IP range):

/login

/login/

Should work (even publicly):

/login/anything-else

/login?username=user@whatever-domain.co.uk&type=pro

Current location block:

   location ~ ^/(login|login/)$ {
    allow 10.0.102.0/24;
    deny all;
    return 403;
}

Any suggestions would be most welcome, thanks!

score 0 · Answer 1 · answered Dec 11 '22 at 22:05

The following configuration only allows incoming requests to the /login URL path to be accessed from the IP address ranges 192.168.1.0/24 and 192.168.2.0/24:

server {
    ...

    location /login {
        if ($remote_addr ~ "^192\.168\.1\.\d{1,3}$") {
            allow all;
        }
        if ($remote_addr ~ "^192\.168\.2\.\d{1,3}$") {
            allow all;
        }
        deny all;
    }

    ...
}

Nginx - Block access to portion of path only, to all but specified IP range

1 Answers1