Deny by ip and redirect

Server NGINX
#1

hi all,

I’d like to only allow a certain set of ip addresses to access one of
our
test sites, and redirect anyone with a different ip address to our
primary
domain.

location / {
allow 1.1.1.1;
deny all;
}

The above code works as expected, but I would like to do something like
this:

location / {
if not 1.1.1.1 or 1.1.1.2 or 1.1.1.3 do a 301 redirect to
www.domain.com(with request uri)
}

is this possible?

#2

Hi , This is a simple setting .Maybe it can solve your problem .

location / {
allow 1.1.1.1;
allow 1.1.1.2;
allow 1.1.1.3;
deny all;
}

error_page 403 /403.html;
location=/403.html{
proxy_pass http://www.domain.com;
}

#3

On Sun, 17 Oct 2010 10:36:42 -0400, Ilan B. wrote:

[…]

The above code works as expected, but I would like to do something
like
this:

location / {
if not 1.1.1.1 or 1.1.1.2 or 1.1.1.3 do a 301 redirect to
www.domain.com(with request uri)
}

is this possible?

Use the nginx geo module to set up a boolean-style variable - say,
$internal_ip. Then put something like this in the server block for your
test site:

if ($internal_ip != 1) {
rewrite ^ http://your.public.site/ permanent;
}

helen

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,141550,141558#msg-141558

#4

Thank you, I actually resolved it by:

location / {
allow 1.1.1.1;
deny all;
error_page 403 = @redirect_towww;
}

location @redirect_towww
{
rewrite ^(.*) http://www.primarydomain.com$1 permanent;
}

#5

On Sun, Oct 17, 2010 at 12:00:09PM -0400, Ilan B. wrote:

rewrite ^(.*) http://www.primarydomain.com$1 permanent;
}

error_page 403 http://www.primarydomain.com$request_uri;

However, you can not set 301 code.

if not 1.1.1.1 or 1.1.1.2 or 1.1.1.3 do a 301 redirect to
rewrite ^ http://your.public.site/ permanent;
[email protected]
http://nginx.org/mailman/listinfo/nginx

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx


Igor S.
http://sysoev.ru/en/

#6

Is there a way to do it with a 301?

#7

Thanks Igor, appreciate the information, is this something you expect to
be
done in coming versions?

For my purposes for now, this is acceptable.

Thanks

#8

On Sun, Oct 17, 2010 at 12:17:55PM -0400, Ilan B. wrote:

Is there a way to do it with a 301?

It should be implemented as
error_page 403 =301 http://www.primarydomain.com$request_uri;
but currently this is not implemented.

}
On Sun, Oct 17, 2010 at 11:28 AM, helen [email protected] wrote:

www.domain.com(with request uri)
rewrite ^ http://your.public.site/ permanent;
[email protected]
Igor S.
http://sysoev.ru/en/

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx


Igor S.
http://sysoev.ru/en/

#9

On Sun, Oct 17, 2010 at 12:29:14PM -0400, Ilan B. wrote:

Thanks Igor, appreciate the information, is this something you expect to be
done in coming versions?

The attached patch allows this.
It will be included in the next 0.8.53.

#10

On Sun, Oct 17, 2010 at 08:33:36PM +0400, Igor S. wrote:

On Sun, Oct 17, 2010 at 12:29:14PM -0400, Ilan B. wrote:

Thanks Igor, appreciate the information, is this something you expect to be
done in coming versions?

The attached patch allows this.
It will be included in the next 0.8.53.

Sorry, this is wrong patch.


Igor S.
http://sysoev.ru/en/

#11

Thanks, this would be the first time I’m applying a patch. What’s the
correct process?

2010/10/17 Igor S. [email protected]

#12

On Sun, Oct 17, 2010 at 08:42:56PM +0400, Igor S. wrote:

Sorry, this is wrong patch.
The new patch.

#13

On Sun, Oct 17, 2010 at 03:05:44PM -0400, Ilan B. wrote:

Thanks, this would be the first time I’m applying a patch. What’s the
correct process?

tar zxf nginx-0.8.52.tar.gz
patch -d nginx-0.8.52 < patch.error_page.30x.1
cd nginx-0.8.52
./configure …

done in coming versions?
Igor S.
http://sysoev.ru/en/

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx


Igor S.
http://sysoev.ru/en/

#14

I think I applied the patch correctly, ran patch < patchfilename inside
the
src/http directory and looks like the files were patched. I then
modified
the config file to have:

error_page = 301 http://www.myprimarydomain.com$request_uri;

When starting nginx, I now get this error:

Starting nginx: [emerg]: invalid value “=” in /etc/nginx/nginx.conf:42

2010/10/17 Igor S. [email protected]

#15

On Sun, Oct 17, 2010 at 11:59:54PM -0400, Ilan B. wrote:

I think I applied the patch correctly, ran patch < patchfilename inside the
src/http directory and looks like the files were patched. I then modified
the config file to have:

error_page = 301 http://www.myprimarydomain.com$request_uri;

error_page 403 =301 http://www.myprimarydomain.com$request_uri;

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx


Igor S.
http://sysoev.ru/en/

#16

I get this error:

can’t find file to patch at input line 5
Perhaps you should have used the -p or --strip option?
The text leading up to this was:

|Index: src/http/ngx_http_core_module.c
|===================================================================
|— src/http/ngx_http_core_module.c (revision 3099)

+++ src/http/ngx_http_core_module.c (working copy)

File to patch: