Nginx allow only specific API paths

Question

I am very new to Nginx and I have below configuration in Nginx

server {
location /api {

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

So now suppose if user access hostname/api/{{anything}} should allow them to access but user tries to access hostname/api/admin it should deny them, So how I can achieve this?

Thanks

Dexirian · Answer 1 · 2020-01-16T16:13:02.043

2

You could specify the paths in the config like so : See relevant doc here

 <Location /api/*>
    Order Allow,Deny
    Allow from all
  </Location>
  <Location /api/admin>
    Order Allow,Deny
    Deny from all
  </Location>

EDIT : Provided solution for apache, but nginx was required. Location directive also exists in nginx :

location /api/* {
    allow all;
}

location /api/admin {
    deny all;
}

edited Jan 16 '20 at 16:13

answered Jan 16 '20 at 15:48

Dexirian

430
2
11

I want it for Nginx and above is for Apache – Mahesh G Jan 16 '20 at 15:55
Added the edit for nginx ;) Sorry about the misunderstanding – Dexirian Jan 16 '20 at 16:13
Thanks I am checking now !! – Mahesh G Jan 16 '20 at 16:27
I have tested but it's not denying the request :( still I am able to /api/admin – Mahesh G Jan 17 '20 at 16:33

Nginx allow only specific API paths

1 Answers1