RE: Allow/Deny rules in Location block

Reinis Rozitis
January 25, 2023 08:30AM
> [error] 11#11: *49 access forbidden by rule, client: 10.48.11.9, server: _, request: "GET /auth/ HTTP/1.1", host: "http://my.domain.info", referrer: "https://my.domain.info"
> It seems that the rule is working but at some wrong place, I am not sure how to organise or set the right sequence here.


Just from the log it seems correct - you have a rule to allow 10.48.0.0/24; but the ip 10.48.11.9 doesn't go within that subnet (/24 subnet mask is just a single C subnet 10.48.0.1-254).

Then again, your whole configuration would be simpler with just a single location block (since it doesn't seem you have an application which uses /auth without a trailing slash):

location /auth/ {
    allow 172.20.0.0/24;
    allow 10.48.0.0/24;
    #allow vpn1.ip.here;
    allow vpn2.ip.here;
    deny all;
    proxy_pass http://127.0.0.1:8080;
    auth_basic "Restricted area";
    auth_basic_user_file /etc/nginx/.htpasswd;
}

If you wanted to get the basic http auth for those who are not within allowed IP ranges, you need to add the 'satisfy any;' directive [1].

Also:
error_page 403 /usr/share/nginx/html/403.html; <- error_page needs a relative URI, not a full path in the filesystem; this is why nginx also returns 404 (as it can't find the error page) instead of 403 forbidden.

If /usr/share/nginx/html is your default nginx webroot you can just specify:

error_page 403 /403.html;

If you store your error pages in different webroot add something like this:

location /403.html {
    root /usr/share/nginx/html;
}

Also your attached configuration has duplicate 'location /' directives. Nginx should complain about invalid configuration. Are you sure you are testing correctly?

[1] http://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy

rr
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
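
Added example, not part of the message above and not nginx code: a small Python model of how the allow/deny list in the suggested location /auth/ block is evaluated (first matching rule wins) and how 'satisfy all' versus 'satisfy any' combines it with basic auth. The function names and the sample client 10.48.0.77 are constructed for illustration, and the vpn*.ip.here placeholders are left out because the thread does not give their values.

```python
import ipaddress

# allow/deny rules from the location /auth/ block, in configuration order.
RULES = [
    ("allow", "172.20.0.0/24"),
    ("allow", "10.48.0.0/24"),
    ("deny", "all"),
]


def first_match(client, rules=RULES):
    """Return the first (action, target) rule that matches the client address.

    The access module checks rules in sequence until the first match.
    Returns None when no rule matches, in which case access is not restricted.
    """
    addr = ipaddress.ip_address(client)
    for action, target in rules:
        if target == "all" or addr in ipaddress.ip_network(target):
            return (action, target)
    return None


def status(client, creds_ok, satisfy="all", rules=RULES):
    """Model the outcome for a request to /auth/ (200 means passed to the proxy).

    Assumption: the IP check is reported before the auth check under
    'satisfy all', matching the 403 "access forbidden by rule" in the log.
    """
    match = first_match(client, rules)
    ip_ok = match is None or match[0] == "allow"
    if satisfy == "all":  # nginx default: address AND credentials required
        if not ip_ok:
            return 403
        return 200 if creds_ok else 401
    if satisfy == "any":  # address OR credentials is enough
        return 200 if (ip_ok or creds_ok) else 401
    raise ValueError("satisfy must be 'all' or 'any'")


if __name__ == "__main__":
    # 10.48.11.9 is the client from the error log; 10.48.0.77 is constructed.
    for client in ("10.48.11.9", "10.48.0.77"):
        print(client, "first match:", first_match(client))
        for mode in ("all", "any"):
            for creds in (False, True):
                print(f"  satisfy {mode}, valid credentials={creds}:",
                      status(client, creds, mode))
```

Running it shows the client from the log falling through both allow lines to 'deny all', and that with 'satisfy any' the same client is asked for credentials instead of being refused outright.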