Welcome! Log In Create A New Profile

Advanced

Re: Nginx Directory Listing - Restrict by IP Address

Igor A. Ippolitov
May 18, 2018 01:04PM
This works for me:
>
>     location / {
>         alias /downloads/;
>         autoindex on;
>         if ($forbidlisting) {
>             rewrite ^/(.*) /noindex_root/$1 last;
>         }
>     }
>     location /noindex_root/ {
>         internal;
>         alias /downloads/;
>     }


On 18.05.2018 19:32, Sathish Kumar wrote:
> Hi,
>
> I am doing for location /, in that case how will have to change the
> below portion.
>
> location /downloads {
>     alias /downloads/;
>     autoindex on;
>     if ($forbidlisting) {
>         rewrite /downloads(.*) /noindex_downloads/$1 last;
>     }
> }
> location /noindex_downloads/ {
>     internal;
>     alias /downloads/;
> }
>
>
>
> On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <iippolitov@nginx.com
> <mailto:iippolitov@nginx.com>> wrote:
>
> Sathish,
>
> I made a couple of minor mistakes.
>
> Please, try following configuration:
>
>>
>> map $remote_addr $forbidlisting {
>>     default 1;
>>     1.1.1.1 0;
>> }
>> location /downloads {
>>     alias /downloads/;
>>     autoindex on;
>>     if ($forbidlisting) {
>>         rewrite /downloads(.*) /noindex_downloads/$1 last;
>>     }
>> }
>> location /noindex_downloads/ {
>>     internal;
>>     alias /downloads/;
>> }
>
> I tried it and it works for me.
>
>
> On 18.05.2018 16:01, Sathish Kumar wrote:
>> Hi,
>>
>> Tried this option it throws rewrite error and am not able to
>> download file from non whitelisted ip addresses.
>>
>>
>> ERROR:
>> rewrite or internal redirection cycle while processing
>> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
>> client: 3.3.3.3, server: abc.com http://abc.com, request: "GET
>> /Downloads/abcd/file.zip
>>
>>
>> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov
>> <iippolitov@nginx.com <mailto:iippolitov@nginx.com>> wrote:
>>
>> Hello, guys.
>>
>> I think, you can try something like this:
>>
>> location = /downloads/ {
>>     root /downloads/;
>>     allow 1.1.1.1;
>>     autoindex on;
>> }
>> location /downloads/ {
>>     root /downloads/;
>> }
>>
>> This will work nicely if you don't need subdirectories.
>> If you need those, you can use a rewrite like:
>>
>> map $remote_addr $forbidlisting {
>>     default 1;
>>     1.1.1.1 0;
>> }
>> location /downloads/ {
>>     root /downloads/;
>>     autoindex on;
>>     if ($forbidlisting) {
>>         rewrite /downloads(.*) /noindex_downloads$1 last;
>>     }
>> }
>> location /noindex_downloads/ {
>>     internal;
>>     root /downloads/;
>> }
>>
>>
>> On 18.05.2018 14:17, Friscia, Michael wrote:
>>>
>>> I think you need to change this a little
>>>
>>> map $remote_addr $allowed {
>>>     default         “off”;
>>>     1.1.1.1         “on”;
>>>     2.2.2.2         “on:;
>>> }
>>>
>>> and then in in the download location block
>>>
>>>  autoindex $allowed;
>>>
>>> I use similar logic on different variables and try at all
>>> costs to avoid IF statements anywhere in the configs.
>>>
>>> ___________________________________________
>>>
>>> Michael Friscia
>>>
>>> Office of Communications
>>>
>>> Yale School of Medicine
>>>
>>> (203) 737-7932 - office
>>>
>>> (203) 931-5381 - mobile
>>>
>>> http://web.yale.edu http://web.yale.edu/
>>>
>>> *From: *nginx <nginx-bounces@nginx.org>
>>> <mailto:nginx-bounces@nginx.org> on behalf of PRAJITH
>>> <prajithpalakkuda@gmail.com> <mailto:prajithpalakkuda@gmail.com>
>>> *Reply-To: *"nginx@nginx.org" <mailto:nginx@nginx.org>
>>> <nginx@nginx.org> <mailto:nginx@nginx.org>
>>> *Date: *Friday, May 18, 2018 at 2:16 AM
>>> *To: *"nginx@nginx.org" <mailto:nginx@nginx.org>
>>> <nginx@nginx.org> <mailto:nginx@nginx.org>
>>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>>
>>> Hi Satish,
>>>
>>> There are "if" constructs in nginx, please check
>>> http://nginx.org/r/ifhttps://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>>> if you want to allow multiple IP addresses, it might be
>>> better idea to use map. eg:
>>>
>>> map $remote_addr $allowed {
>>>     default         0;
>>>     1.1.1.1         1;
>>>     2.2.2.2         1;
>>> }
>>>
>>> and then in in the download location block
>>>
>>>  if ($allowed = 1) {
>>>         autoindex on;
>>> }
>>>
>>> Thanks,
>>>
>>> Prajith
>>>
>>> On 18 May 2018 at 05:35, Sathish Kumar
>>> <satcse88@gmail.com<mailto:satcse88@gmail.com>> wrote:
>>>
>>> Hi Team,
>>>
>>> We have a requirement to allow directory listing from
>>> few servers and disallow from other ip addresses and all
>>> IP addresses should be able to download all files inside
>>> the directory.
>>>
>>> Can somebody provide the correct nginx config for the same.
>>>
>>> |location / {|
>>>
>>> |root /downloads;|
>>>
>>> |autoindex on;|
>>>
>>> |allow 1.1.1.1;|
>>>
>>> |deny all;|
>>>
>>> |}|
>>>
>>> If I use the above config, only on 1.1.1.1 IP address
>>> can directory list from this server and can file
>>> download but from other IP addresses download shows
>>> forbidden, due to IP address restriction
>>>
>>> Is there a way to overcome this issue, thanks.
>>>
>>>
>>> Thanks & Regards
>>> Sathish.V
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org<mailto:nginx@nginx.org>
>>> http://mailman.nginx.org/mailman/listinfo/nginxhttps://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org <mailto:nginx@nginx.org>
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:nginx@nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:nginx@nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org <mailto:nginx@nginx.org>
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 17, 2018 08:08PM

Re: Nginx Directory Listing - Restrict by IP Address

prajitth May 18, 2018 02:18AM

Re: Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 18, 2018 02:38AM

Re: Nginx Directory Listing - Restrict by IP Address

wickedhangover May 18, 2018 07:20AM

Re: Nginx Directory Listing - Restrict by IP Address

Igor A. Ippolitov May 18, 2018 08:18AM

Re: Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 18, 2018 09:04AM

Re: Nginx Directory Listing - Restrict by IP Address

Igor A. Ippolitov May 18, 2018 11:12AM

Re: Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 18, 2018 12:34PM

Re: Nginx Directory Listing - Restrict by IP Address

Igor A. Ippolitov May 18, 2018 01:04PM

Re: Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 18, 2018 09:40PM

Re: Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 19, 2018 12:02AM

Re: Nginx Directory Listing - Restrict by IP Address

Sathish Kumar May 18, 2018 08:58AM

Re: Nginx Directory Listing - Restrict by IP Address

Anoop Alias May 18, 2018 09:04AM

Re: Nginx Directory Listing - Restrict by IP Address

Francis Daly May 18, 2018 12:38PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 101
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready