4

Is it possible to allow only a single IP address to make POST requests and deny everyone else on the same grounds on NGINX?

Seen an answer related to this one but the solution offered there needs the rule to be applied server-wide. I need to do this on a virtual host level, without affecting the other sites hosted on the same server.

Ali
  • 43
  • 1
  • 4

2 Answers

1

Under your virtual host directory, create an .htaccess file.

You can use rules like this to deny all POST requests:

# deny all POST requests
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} POST
    RewriteRule .* - [F,L]
</IfModule>

Then allow the whitelist:

# whitelist POST requests
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} !/contact.php [NC]
    # anchored pattern with escaped dots, so only this exact address matches
    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
    RewriteRule .* - [F,L]
</IfModule>

More information on this site

EDIT: for NGINX you can translate the preceding rules with this online tool, for instance:

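# deny all POST requests
if ($request_method ~ "POST"){
    set $rule_0 1$rule_0;
}
if ($rule_0 = "1"){
    return 403;
    break;
}


# whitelist: deny POST unless it comes from 127.0.0.1
if ($request_method ~ "POST"){
    set $rule_0 1$rule_0;
}
# anchored pattern with escaped dots, so only this exact address matches
if ($remote_addr !~ "^127\.0\.0\.1$"){
    set $rule_0 3$rule_0;
}
# POST sets "1"; a non-whitelisted address then prepends "3", giving "31"
if ($rule_0 = "31"){
    return 403;
    break;
}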
  • Question is specifically asking for Nginx, not Apache. – parkamark Mar 24 '17 at 10:17
  • Pardon, I'll edit the post with converted info for nginx – Daniele Licitra Mar 24 '17 at 11:08
  • 1
    OK, I have modified yours a bit and it seems to be working! Thanks a lot @DanieleLicitra :) `if ($request_method ~ "POST"){ set $poster P$poster; } if ($remote_addr !~ "111.222.333.444"){ set $poster B$poster; } if ($poster = "BP"){ return 444; }` – Ali Mar 24 '17 at 12:22
0

The answer you need is similar to this one.

You would additionally need a check for POST, which would be ($request_method = POST).

So the block would look something like the following (which I have not been able to test):

location @location {
  if ($request_method = POST) {
     allow IP;
     deny all;
  }
}

Docs for the access module are here.

iwaseatenbyagrue
  • 3,688
  • 15
  • 24
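
The per-method restriction this answer describes, as an added example that is not part of the original answer: nginx accepts `allow` and `deny` only in the `http`, `server`, `location` and `limit_except` contexts, not inside `if`, so this sketch uses `limit_except` and, for POST alone, `geo` with `map`. The host names, paths and the address 203.0.113.10 are placeholders, and the file is assumed to be included in the `http` context.

```nginx
# Added example. example.com, other.example.com, the root paths and
# 203.0.113.10 are placeholders, not values from the question.

# Variant A: let only one address use anything other than GET/HEAD.
server {
    listen 80;
    server_name example.com;        # rules below apply to this virtual host only
    root /var/www/example;

    location / {
        # limit_except names the methods left unrestricted (GET implies HEAD);
        # POST, PUT, DELETE and the rest must pass the allow/deny list.
        limit_except GET {
            allow 203.0.113.10;
            deny  all;              # other clients receive 403
        }
        # Repeat the limit_except block in any other location that handles
        # requests for this site (for example a "location ~ \.php$" block),
        # because the request is checked against the location that serves it.
    }
}

# Variant B: restrict POST only. geo and map are declared in the http context,
# but the variable has no effect until a server block tests it.
geo $post_allowed {                 # keyed on $remote_addr by default
    default      0;
    203.0.113.10 1;
}
map "$request_method:$post_allowed" $deny_post {
    default  0;
    "POST:0" 1;                     # POST from an address not listed in geo
}
server {
    listen 80;
    server_name other.example.com;
    root /var/www/other;

    if ($deny_post) {
        return 403;
    }
}
```

Both variants compare against `$remote_addr`, so behind a load balancer or CDN that is the proxy's address unless the realip module is configured to restore the client address.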