Hello!

On Tue, Apr 25, 2017 at 12:50:24PM -0700, Igal @ Lucee.org wrote:

> Hello,
>
> I want to secure a site using the allow/deny directives so that only
> allowed networks will be able to access it. There is one "public"
> directory, however, that I want to be accessible for everyone.
>
> nginx serves as a reverse proxy on that site, and requests for URIs that
> end with the suffix ".cfm" are proxied to Tomcat.
>
> So I currently have something like:
>
> location / {
> allow 10.0.0.0/24;
> deny all;
> }
>
> location /public/ {
> allow all; # does that make sense?
> }
>
> location ~ \.cfm$ {
> ## proxy settings go here
> }
>
> Keep in mind that .cfm scripts are both in /public/ as well as in other
> directories.
>
> How can I achieve that?

Try this instead:

location / {
allow ...
deny all;

location ~ \.cfm$ {
...
}
}

location /public/ {
# access allowed to all by default - unless there is
# something restrictive defined on previous levels

location ~ \.cfm$ {
...
}
}

You may also find this talk interesting:

https://youtu.be/YWRYbLKsS0I

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx