Hi,
I’m using nginx to proxy through to apache, with a simple
location / {
proxy_pass ...
}
However, there is one location ( /account/sync_profile/) which I’d like
to restrict to just one IP address.
If I add a location for that address,
location /account/sync_profile/ {
allow 59.150.40.29;
deny all;
}
then of course it doesn’t get handled by the proxy.
I can’t put an
if ($uri = /account/sync_profile) { allow 59.150.40.29; deny all; }
inside my main location, since allow, deny won’t work there.
I can’t use a multi-level if;
I suppose one solution would be to include the proxy config into the
restricted location as well, but this seems like unnecessarily verbose…
Any ideas?
thanks,
robert.
Robert B. [email protected] wrote:
Any ideas?
location /account/sync_profile/ {
allow 59.150.40.29;
deny all;
proxy_pass …
}
location / {
proxy_pass …
}
proxy_* config declarations in the server block trickle down to
location blocks.
eg:
proxy_set_header X-Forwarded-For $http_x_client_ip;
…
location / { proxy_pass …; } # (1)
location /account/sync_profile/ { allow 59.150.40.29; deny all;
proxy_pass …; } # (2)
both (1) and (2) will pass along the X-Client-IP header
Thanks Eden, I guess that way will allow me to put the minimum amount of
config in each location directive, at least.
So for the record, I ended up with:
server {
…
proxy_buffers …;
proxy_set_header…;
… other global proxy options;
location / {
proxy_pass http://bella;
}
location /special_url/ {
allow 59.150.40.29;
deny all;
proxy_pass http://bella;
}
location /static/ {
…
}
}
Not so bad, as long as I don’t have too many of these special
per-location rules.
thanks,
robert.