On Fri, Feb 10, 2012 at 5:58 PM, António P. P. Almeida <appa@perusio.net>wrote:

> On 10 Fev 2012 19h40 WET, guilherme.e@gmail.com wrote:
>
> > Adrián,
> >
> > This would fix the problem, but I don't know the directories that
> > has a .htaccess file with allow/deny.
> >
> > Example:
> >
> > Scenario: nginx (cache/proxy) + back-end apache
> >
> > root@srv1 [~]# ls -a /home/domain/public_html/restrictedimages/ ./
> > ../ .htaccess image.jpg root@srv1 [~]# cat
> > /home/domain/public_html/restrictedimages/.htaccess allow from
> > x.x.x.x deny from all
> >
> > In the first access (source IP: x.x.x.x) to
> > http://domain.com/restrictedimages/image.jpg, nginx proxy request to
> > apache and cache response. The problem comes in other request from
> > other IP address different from x.x.x.x. Nginx deliver the objects
> > from cache, even if the ip address is not authorized, because nginx
> > doesn't understand .htaccess.
> >
> > I would like to bypass cache in this cases, maybe using
> > proxy_cache_bypass, but I don't know how. Any idea?
>
> I already gave you a suggestion. You just need to use a geo directive
> where you enumerate all the IPs that can **access**.
>
> AFAICT this foots the bill. No need to complicate it with headers
> being passed to the backend.
>
> --- appa
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

Antonio, geo directive would be a great idea if I know the IPs that can
access the website (or directory), but the application is not mine, and the
customer can change this list (in .htaccess). In this case the ip list in
nginx would be outdated.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx