On Thu, May 14, 2020 at 11:10:20AM -0700, PGNet Dev wrote:

Hi there,

> editing a general location match to exclude one, specific instance?

It is usually easier to use positive matches instead of negative ones.

> I've had a trivial 'protection' rule in place for a long time
>
> location ~* (gulpfile\.js|settings.php|readme|schema|htpasswd|password|config) {
> deny all;
> }

> 2020/05/12 22:16:39 [error] 57803#57803: *1 access forbidden by rule,
> client: 10.10.10.10, server: testapp.example1.com, request: "GET /api/configuration HTTP/2.0",

> I'd like to edit the match to PASS that^ logged match -- as specifically/uniquely as possible -- but CONTINUE to 'deny all' for all other/remaining matches on "config".
>
> How would that best be done? A preceding location match? Or editing the existing one?

A separate "location" that matches what you want and is "higher priority"
than the regex location that this request currently matches.

location = /api/configuration {
# do what you want, probably including proxy_pass
}

You could use "location ^~ /api/configuration", if you want to allow
anything with that prefix.

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx