Restrict by IP for some users

musicdenotation · February 5, 2014, 11:50pm

I’d like to restrict access to a server block to authenticated users.
Some of the users should be able to access it from any IP and some of
the users should be blocked unless they are coming from a particular
IP. How is this done in nginx?

Grant

casper_the_ghost · February 6, 2014, 1:07am

On Wed, Feb 05, 2014 at 02:49:46PM -0800, Grant wrote:

Hi there,

I’d like to restrict access to a server block to authenticated users.
Some of the users should be able to access it from any IP and some of
the users should be blocked unless they are coming from a particular
IP. How is this done in nginx?

Perhaps something along these lines?

User “a” must come from an address listed in “geo $goodip”.
Other users may come from anywhere.

===
map $remote_user $userip {
default 1;
a $goodip;
}

geo $goodip {
default 0;
127.0.0.0/24 1;
}

server {
auth_basic “This Site”;
auth_basic_user_file htpasswd;
if ($userip = 0) {
return 403;
}
}

f

Francis D. [email protected]

casper_the_ghost · February 7, 2014, 6:08pm

===
server {
auth_basic “This Site”;
auth_basic_user_file htpasswd;
if ($userip = 0) {
return 403;
}
}

Interesting solution. I never would have thought of that. I was
using an alias to do this in apache. Are there performance
implications of adding the geo and map modules to nginx and running
that code?

Grant

Restrict by IP for some users

server { auth_basic “This Site”; auth_basic_user_file htpasswd; if ($userip = 0) { return 403; } }

f

server {
auth_basic “This Site”;
auth_basic_user_file htpasswd;
if ($userip = 0) {
return 403;
}
}