How to allow specific IP's to a URL (not directory!) in Nginx

Question

I'm trying to deny access to a specific URL on our site running on Nginx but allow it from specific IP's, I've been trying to fiddle around using Location but it seems that's just trying to find a proper directory and not the URL.

This is what I came up with, but just gives back a 404.

location /specificurl {
       root /var/www/site1.com/current;
       allow 123.123.123.123;
       deny all;
       }

Why would you want to do that, if they surf to your IP they would still be able to get in. — Lucas Kauffman, Apr 28 '12 at 08:07
I did not understand that answer, and no they won't get access to anything by surfing to the IP address. — Lars, Apr 28 '12 at 08:08
Can you elaborate please? In my mind it sounds like an everyday thing. — Lars, Apr 28 '12 at 08:21
I managed to solve it, but I can't post the answer yet, but it'll be there within 8 hours or so. — Lars, Apr 28 '12 at 08:25

cadmi · Answer 1 · 2012-04-30T12:51:42.287

6

You are trying to return a 404 error for all IP, but the specified? Use the directive "error_page" with "=404" parameter. Sort of ...

location /specificurl {
   root /var/www/site1.com/current;
   allow 123.123.123.123;
   deny all;

   error_page 403 =404 /404.html;

}

http://nginx.org/en/docs/http/ngx_http_core_module.html#error_page

Furthermore, it is possible to change the response code to another, for example:
error_page 404 =200 /empty.gif;

Or something like ...

location /specificurl {
   root /var/www/site1.com/current;
   allow 123.123.123.123;
   deny all;

   error_page 403 = @goaway;

}

location @goaway {
    return 444;
}

edited Apr 30 '12 at 12:51

answered Apr 30 '12 at 12:46

cadmi

7,308
1
17
23

Hi, Thanks for the reply, but as my testing showed, using "location /specificurl" doesn't just got for URL, it needs a directory called specificurl as well, and since we have a web framework which creates dynamic URLs for whatever page, this doesn't work for us. But to be completely honest, I'm not 110% sure that I'm correct on this. :-) – Lars May 01 '12 at 07:11
Analog from apache config? You want something strange ... – cadmi May 01 '12 at 10:02
In which file is the above set? (For those new to nginx) – TSG Dec 27 '20 at 14:10

score 4 · Answer 2 · answered Apr 28 '12 at 16:07

I managed to solve it myself, and this is how:

    set $deny_access off;

    if ($remote_addr !~ (123.123.123)) {
            set $deny_access on;
    }
    if ($uri ~ "^/(specificurl)$" ) {
            set $deny_access on$deny_access;
    }
    if ($deny_access = onon) {
            return 444;
    }

score 1 · Answer 3 · answered Oct 30 '17 at 11:42

In the location block and the following line,

try_files $uri $uri/ /index.php?q=$uri&$args;

So it will be like

location /index.php/admin {
   try_files $uri $uri/ /index.php?q=$uri&$args;
   allow 123.123.13.124;
   deny all;
{

It worked for my case. It may work for you.

How to allow specific IP's to a URL (not directory!) in Nginx

3 Answers3