Forum: NGINX Restricting access to specific subdirectories

Hey all,

I'm a little stumped about what I'm doing wrong here.  Basically I have 
a
subdirectory that I want to restrict access to specific IP's, otherwise
return a 403.

If I do the following (inside my server {} block):

server {
        // normal processing code here
        ...

        location ~ ^/my_ws$ {
                allow   XX.XX.XX.XX;
                allow   XX.XX.XX.XX/24;
                deny   all;
        }
}

Hitting the following URL works as intended and I get a 403 if I try 
from
anywhere other than the specified URL's: http://www.mydomain.com/my_ws

However, if there's anything AFTER that (i.e. my_ws/, my_ws/page2,
my_ws?parameter1, etc.) it allows them to proceed regardless of IP.

I'm sure it's something required before or after the $, but I can't 
figure
it out.

Thanks in advance!

Justin

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,235864,235864#msg-235864

On 03/02/13 16:27, jdiana wrote:
>          ...
>
>
do you need a $ at all? It's a placeholder for the end of the string,
and all you care about s the start??

Steve

On 3 February 2013 03:27, jdiana <nginx-forum@nginx.us> wrote:
[snip]
>         location ~ ^/my_ws$ {
[snip]
> However, if there's anything AFTER that (i.e. my_ws/, my_ws/page2,
> my_ws?parameter1, etc.) it allows them to proceed regardless of IP.
>
> I'm sure it's something required before or after the $, but I can't figure
> it out.

Your problem is absolutely to do with the "$", and if you don't yet
understand regex well enough to fix it, have a read through a simple
intro such as http://www.zytrax.com/tech/web/regex.htm#positioning.

BTW that's a pointer to the exact section you need, but I recommend
you digest at least the first half of that guide - it's not long or
difficult, and will serve you well in the future.

HTH,
Jonathan
--
Jonathan Matthews // Oxford, London, UK
http://www.jpluscplusm.com/contact.html

Hello!

On Sat, Feb 02, 2013 at 10:27:40PM -0500, jdiana wrote:

>         ...
>
> However, if there's anything AFTER that (i.e. my_ws/, my_ws/page2,
> my_ws?parameter1, etc.) it allows them to proceed regardless of IP.
>
> I'm sure it's something required before or after the $, but I can't figure
> it out.

You don't need regular expressions, just use normal prefix
location:

    location /my_ws {
        allow ...
        deny all;
    }


See http://nginx.org/r/location for details.

--
Maxim Dounin
http://nginx.com/support.html