Deny access to one file

Hi there.

I was trying to deny access to specified file for several ip ranges, but
it goes nothing. Does anyone can help me? My location directive is as
follow:

server {

root /home/phpbb/public_html;

location ^~ /includes/confirm_register.php {
deny 192.168.0.0/16;
deny 123.123.123.0/24;
allow all;
}
}

“confirm_register.php” file in “includes” directory can’t be accessable
for several ip ranges.


Regards.

Emers

Try

location = ’ /includes/confirm_register.php’ {
deny 192.168.0.0/16;
deny 123.123.123.0/24;
allow all;
}

Cheers

Dave

Dave C. wrote:

Try

location = ’ /includes/confirm_register.php’ {
deny 192.168.0.0/16;
deny 123.123.123.0/24;
allow all;
}

Nope. Doesnt work.


Regards.

Emers

Igor S. wrote:

}
Nope. Doesnt work.

  • location = ’ /includes/confirm_register.php’ {
  • location = /includes/confirm_register.php {

This solution works only for static files. PHP script is forbided for
deny hosts, allow hosts get source of confirm_register.php file.
Adding sublocation for passing php files solve my problem.

My location is as follow:

location ^~ /includes/confirm_register.php {
deny 192.168.0.0/24;
deny 123.123.123.0/24;
allow all;
location ~ .*.php?$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass unix:/tmp/fcgi.socket;
fastcgi_index index.php;
}
}

Thank you for not helping me quickly, and leting me figure it out by
myself.


Regards.

Emers

I’m having a really hard time getting SSL working with any sort of
speed. I’ve put together the most basic(esentially the example
config) test configuration I think is possible, but the initial
negotiation delay is horribly long. Is anyone out there using Nginx
on Debian with SSL?

Thanks,
Casey

Nevermind. Something stupid is going on in the network. I changed
the port to 8443(from 443) and the 10 second “timeout” went away.

Regards,
Casey

On Thu, Jan 17, 2008 at 08:23:59AM +0100, Emers wrote:

Dave C. wrote:

Try

location = ’ /includes/confirm_register.php’ {

deny 192.168.0.0/16;
deny 123.123.123.0/24;
allow all;
}

Nope. Doesnt work.

  • location = ’ /includes/confirm_register.php’ {
  • location = /includes/confirm_register.php {

I’ve got a situation where the port being served to the outside world
and the proxy port may not be the same. e.g. firewall:9000 => nginx:
8080 => realserver:8000

I’m currently using the following line which seems to take care of
everything but the port:
proxy_redirect http://realserver:8000 https://:9000$host;

I’d like something like this:
proxy_redirect http://realserver:8000 https://$host:$port;

Where $host:$port turns into firewall:9000 for the above example.
I’ve found variables for both the nginx port and the realserver port,
but can’t find anything for the port the client sent the request to.

Thanks,
Casey

Yes. That worked perfectly. I thought I had tried that already, but
obviously not!

Thank you,
Casey Rayman

On Tue, Jan 22, 2008 at 07:22:47PM -0600, Casey Rayman wrote:

Where $host:$port turns into firewall:9000 for the above example.
I’ve found variables for both the nginx port and the realserver port,
but can’t find anything for the port the client sent the request to.

There is no way to learn firewall’s IP address and port on nginx side at
all.

You may try

proxy_redirect http://realserver:8000 https://$http_host;

this will work if client sends “Host: www.example.com:9000”.