Forum: NGINX Proxy Bypass only specific IP

TheBritishGeek (Guest)
on 2014-06-24 06:43
(Received via mailing list)
I am looking for a way to allow that proxy_cache_bypass but only on a
specific hostname and client IP address.

My current setup is as follows:

    location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|wmv|js|css|mp3|swf|ico|flv|json|csv|txt|svg|ttf|eot|otf|cff|afm|lwfn|ffil|fon|pfm|pfb|woff|std|pro|xsf|ps|pdf|bmp)$ {
        expires 1M;
        add_header X-Cache-Status $upstream_cache_status;
        proxy_cache_bypass $http_secret_header;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://www.domain.com;
        proxy_cache static-files.domain.com;
        proxy_cache_valid 200 360m;
        proxy_cache_valid 302 360m;
        proxy_cache_valid 404 1m;
        proxy_cache_use_stale error timeout invalid_header updating;
        proxy_ignore_headers X-Accel-Expires Expires;
    }

How can I add to this protection so that only 1 specific IPv4 & 1 IPv6
address can bypass the proxy?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,251124,251124#msg-251124
itpp2012 (Guest)
on 2014-06-24 08:17
(Received via mailing list)
if ($remote_addr ~ "^(10.10.*.*)$") { .... }

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,251124,251126#msg-251126
TheBritishGeek (Guest)
on 2014-06-24 12:39
(Received via mailing list)
I have tried

        if ($remote_addr ~ "^(1.1.1.1|a:b:c:d::1:2)$")
        {
            proxy_cache_bypass $http_secret_header;
        }

But it does not pass testing

nginx: [emerg] "proxy_cache_bypass" directive is not allowed here

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,251124,251128#msg-251128
Maxim Dounin (Guest)
on 2014-06-24 16:23
(Received via mailing list)
Hello!

On Tue, Jun 24, 2014 at 06:38:59AM -0400, TheBritishGeek wrote:

> I have tried
>
>         if ($remote_addr ~ "^(1.1.1.1|a:b:c:d::1:2)$")
>         {
>             proxy_cache_bypass $http_secret_header;
>         }
>
> But it does not pass testing
>
> nginx: [emerg] "proxy_cache_bypass" directive is not allowed here

You have to set a variable as appropriate, and then use it in the
proxy_set_bypass directive.

    if (...) {
        set $bypass $http_secret_header;
    }

    proxy_cache_bypass $bypass;

Also, apart from "if" checks, it may be a good idea to consider geo
and map blocks, see here:

http://nginx.org/en/docs/http/ngx_http_geo_module.html
http://nginx.org/en/docs/http/ngx_http_map_module.html

--
Maxim Dounin
http://nginx.org/
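
The geo and map approach suggested in the last reply, written out as an added example that is not part of the thread or of the nginx project's own configuration. The two client addresses, the hostname static-files.domain.com, the cache path and the zone size are assumptions; the header variable, upstream and cache zone name come from the question.

```nginx
# Added example. The client addresses are placeholders from the
# documentation ranges; the hostname, /var/cache/nginx/static and the 10m
# zone size are assumptions. geo and map must sit in the http {} context.

proxy_cache_path /var/cache/nginx/static keys_zone=static-files.domain.com:10m;

# $bypass_client is 1 only for the permitted clients. geo compares
# $remote_addr as an address or CIDR block, so no regex is involved.
geo $bypass_client {
    default        0;
    192.0.2.10     1;   # placeholder IPv4
    2001:db8::10   1;   # placeholder IPv6
}

# Pass the header value through only for a permitted client on the one
# hostname; every other combination yields "", which never bypasses.
map "$bypass_client:$host" $bypass {
    default                         "";
    "1:static-files.domain.com"     $http_secret_header;
}

server {
    listen 80;
    listen [::]:80;
    server_name static-files.domain.com;   # assumed proxy hostname

    # Extension list shortened here; use the full list from the question.
    location ~* \.(gif|jpg|jpeg|png|js|css)$ {
        proxy_pass http://www.domain.com;
        proxy_set_header Host $http_host;
        proxy_cache static-files.domain.com;
        proxy_cache_valid 200 360m;
        proxy_cache_bypass $bypass;
        add_header X-Cache-Status $upstream_cache_status;
    }
}
```

Requests from any other address get an empty $bypass even when they send the header, so the header alone no longer forces an upstream fetch. If nginx sits behind another proxy or load balancer, $remote_addr is that proxy's address and the geo block needs the real client address instead.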