oh i see<br><br>But using your location examples denies access only to /myadmin and /myadmin/*.php files<br>and if i try /myadmin/important.txt or anything else i will see it even if im not in the acl<br><br>So for my case to deny access to anything that resides in a folder
<br><br> location ~ ^/directory/(.*) {<br><br>worked ok apparently (you still have to add fastcgi params if u need any php files to work in that dir :P)<br><br>Thank you again Igor for a great software and support.
<br><br><br><div><span class="gmail_quote">On 2/20/07, <b class="gmail_sendername">Igor Sysoev</b> <<a href="mailto:is@rambler-co.ru">is@rambler-co.ru</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Tue, Feb 20, 2007 at 03:40:19PM +0200, Anonymous Coward wrote:<br><br>> oh, dumb me... i didn't knew you can setup access at server level<br>><br>> Anyway, the problem still persists if i want to deny access just to
<br>> <a href="http://sub.domain.tld/myadmin">http://sub.domain.tld/myadmin</a> using this<br>><br>> location /myadmin {<br>> allow <a href="http://192.168.2.2">192.168.2.2</a>;<br>> deny all;
<br>> }<br>><br>> Ill try to explain again... with that config if a user let's say from<br>> <a href="http://192.168.2.3">192.168.2.3</a> is trying to see <a href="http://sub.domain.tld/myadmin">
http://sub.domain.tld/myadmin</a> he gets access<br>> denied which is OK... but if he tries<br>> <a href="http://sub.domain.tld/myadmin/index.php">http://sub.domain.tld/myadmin/index.php</a> he can see the site with no problem
<br>><br>> (the problem with <a href="http://sub.domain.tld/">http://sub.domain.tld/</a> not working and<br>> <a href="http://sub.domain.tld/index.php">http://sub.domain.tld/index.php</a> working was apparently from Firefox, fixed
<br>> after cleared the cache, weird tho')<br>><br>> i hope that was more clear :)<br><br>See the order of location processing:<br><a href="http://wiki.codemongers.com/NginxHttpCoreModule#location">http://wiki.codemongers.com/NginxHttpCoreModule#location
</a><br><br>You need something like this:<br><br> location / {<br> ...<br> }<br><br> location /myadmin { # static /myadmin files<br> allow <a href="http://192.168.2.2">192.168.2.2
</a>;<br> deny all;<br> ...<br> }<br><br> location ~ ^/myadmin/.+\.php$ {<br> allow <a href="http://192.168.2.2">192.168.2.2</a>;<br> deny all;<br> ...<br>
fastcgi settings<br> }<br><br> location ~ .php$ {<br> ...<br> fastcgi settings<br> }<br><br><br><br>> On 2/20/07, Igor Sysoev <<a href="mailto:is@rambler-co.ru">
is@rambler-co.ru</a>> wrote:<br>> ><br>> >On Tue, Feb 20, 2007 at 02:39:19PM +0200, Anonymous Coward wrote:<br>> ><br>> >> im trying to deny access to everything that it's a dir/vhost using the
<br>> >> following config<br>> >><br>> >> server {<br>> >> listen <a href="http://192.168.2.1">192.168.2.1</a>;<br>> >> server_name
mysub.domain.tld;<br>> >><br>> >> access_log /var/log/nginx/localhost.access_log main;<br>> >> error_log /var/log/nginx/localhost.error_log;<br>> >>
<br>> >> root /var/www/localhost/htdocs/mysub.domain.tld;<br>> >> location / {<br>> >> allow <a href="http://192.168.2.2">192.168.2.2</a>;<br>> >> deny all;
<br>> >> }<br>> >> location /nginx_status {<br>> >> stub_status on;<br>> >> access_log off;<br>> >> allow <a href="http://127.0.0.1">
127.0.0.1</a>;<br>> >> deny all;<br>> >> }<br>> >> location ~ .php$ {<br>> >> include /etc/nginx/fastcgi_params;<br>> >> fastcgi_pass
<a href="http://127.0.0.1:1105">127.0.0.1:1105</a>;<br>> >> fastcgi_index index.php;<br>> >><br>> >> # where the php files to pass to the listener.<br>> >> fastcgi_param SCRIPT_FILENAME
<br>> >> /var/www/localhost/htdocs/mysub.domain.tld$fastcgi_script_name;<br>> >> }<br>> >> }<br>> >><br>> >><br>> >> Now there are 2 problems<br>
> >> - it only denies access to <a href="http://mysub.domain.tld/">http://mysub.domain.tld/</a> if i connect from<br>> >> another host<br>> >> - if i connect from the right host when i try to access
<br>> >> <a href="http://mysub.domain.tld/">http://mysub.domain.tld/</a> it wants me to download or open a file... if i<br>> >try<br>> >> <a href="http://mysub.domain.tld/index.php">http://mysub.domain.tld/index.php
</a> it works ok... same with<br>> >> <a href="http://mysub.domain.tld/myadmin">http://mysub.domain.tld/myadmin</a> for example still wants me to<br>> >download/open<br>> >> file but works with <a href="http://mysub.domain.tld/myadmin/index.php">
http://mysub.domain.tld/myadmin/index.php</a><br>> >><br>> >> i tried with location ~ .* also but i get the same result except that it<br>> >> correctly denies access to everything apparently... but i still can't
<br>> >see<br>> >> the site from an allowed ip<br>> >><br>> >> What im doing wrong?<br>> >><br>> >> location ~ .*<br>> ><br>> >I can not understand the described situation, but if you want to deny
<br>> >access to the whole site from anywhere except <a href="http://192.168.2.2">192.168.2.2</a>, then you should<br>> >set up access/deny rules at server level, and they will be inherited<br>> >to all locations.
<br>> ><br>> ><br>> >--<br>> >Igor Sysoev<br>> ><a href="http://sysoev.ru/en/">http://sysoev.ru/en/</a><br>> ><br>> ><br><br>--<br>Igor Sysoev<br><a href="http://sysoev.ru/en/">http://sysoev.ru/en/
</a><br><br></blockquote></div><br>