Allow access on a sublocation

Hi,

this configuration does not work as expected :

server {
satisfy any;
auth_basic “DING DING SONG”;
auth_basic_user_file /etc/apache2/htpasswd;
allow from CIDR;
allow from CIDR;
allow from CIDR;
allow from CIDR;

location ^~ /allowed/ {
    allow all;
}

deny all;

}

I short, I want to disallow access on my website, only some IPs can
access, except for /allowed/ which is open.

What’s wrong ?

Greg

On 6 Aug 2013 15:08, “Greg” [email protected] wrote:

allow from CIDR;

I short, I want to disallow access on my website, only some IPs can
access, except for /allowed/ which is open.

Just checking you’re aware that this only matches “/allowed/” by itself
and
nothing below it.

Is that what you meant? Is that what you’re testing?

J

On 6 Aug 2013 15:35, “Greg” [email protected] wrote:

It match evrything that starts with /allowed/ , right ?

Yes it does; I had a brain-fart.

Personally I omit the ^~ unless I have a situation that definitely
requires
it, as it’s clearer without it IMHO. YMMV.

J

Le 06/08/2013 16:22, Jonathan M. a crit :

Just checking you’re aware that this only matches “/allowed/” by
itself and nothing below it.

Is that what you meant? Is that what you’re testing?

It match evrything that starts with /allowed/ , right ?

this configuration does not work as expected :
server {
satisfy any;

If that is all your configuration (no extra location blocks) then just
include the rules inside location / {} like:

server {

  location / {
                 satisfy any;
                 auth_basic "DING DING SONG";
                  ...
                deny all;
 }

 location /allowed/ {
 }

}

p.s. http://nginx.org/en/docs/http/ngx_http_core_module.html#location

rr

Le 06/08/2013 16:50, Reinis R. a crit :

this configuration does not work as expected :
server {
satisfy any;

If that is all your configuration (no extra location blocks) then just
include the rules inside location / {} like:

True, but I can’t do that as “location / {}” is in a common config
included by many other vhosts.

On Tue, Aug 06, 2013 at 04:07:48PM +0200, Greg wrote:

Hi there,

this configuration does not work as expected :

In what way does it fail for you?

When I “allow 127.0.0.3/32”, I am challenged http 401 for “curl -i
http://127.0.0.1/normal/ok”, but get the file content from both “curl
-i http://127.0.0.1/allowed/ok” and “curl -i http://127.0.0.3/normal/ok

I short, I want to disallow access on my website, only some IPs can
access, except for /allowed/ which is open.

What’s wrong ?

It seems to work for me.

nginx -v?

nginx -V?

output of specific curl commands I can use to replicate the problem?

Thanks,

f

Francis D. [email protected]

Document sans nom> True, but I can’t do that as “location / {}” is in a
common config included by many other vhosts.

Then to clarify - you want to deny the access to all the “other vhosts”
or
just one?

If one - per http://nginx.org/en/docs/http/server_names.html you can
leave
the current config for all the “other vhosts” but define the one
specific
host you want to deny the access with exact server_name or if you use
regular expression in the server_name place it as first in the main
config.

If its all vhosts then just modify the included common config.

But in general it is hard to give you configuration suggestions not
knowing
how is your existing setup.

Typically vhosts (at least for me) each have their own server {} block
so
each one can have its own location definitions but the common parts
(like
*.php) can be included.

rr