All files from this thread

File Name	File Size		Posted by	Date
ngxinx.conf	4.9 KB	open | download	sandeep dubey	01/25/2023	Read message

Thanks Reinis for the response and suggestions.

I made the changes and unfortunately couldn't make it work. Later realised
that we are running a Nginx Controller in GKE env., So assuming that the
restriction changes should be done at controller level and not in the Nginx
(not very sure).

On Wed, Jan 25, 2023 at 6:59 PM Reinis Rozitis <r@roze.lv> wrote:

> > [error] 11#11: *49 access forbidden by rule, client: 10.48.11.9, server:
> _, request: "GET /auth/ HTTP/1.1", host: "http://my.domain.info",
> referrer: "https://my.domain.info"
> It seems that the rule is working but at some wrong place, I am not sure
> how to organise or set the right sequence here.
>
>
> Just from the log it seems correct - you have a rule to allow 10.48.0.0/24;
> but the ip 10.48.11.9 doesn't go within that subnet (/24 subnet mask is
> just a single C subnet 10.48.0.1-254).
>
> Then again, your whole configuration would be simpler with just a single
> location block (since it doesn't seem you have an application which uses
> /auth without a trailing slash):
>
> location /auth/ {
> allow 172.20.0.0/24;
> allow 10.48.0.0/24;
> #allow vpn1.ip.here;
> allow vpn2.ip.here;
> deny all;
> proxy_pass http://127.0.0.1:8080;
> auth_basic "Restricted area";
> auth_basic_user_file /etc/nginx/.htpasswd;
> }
>
> If you wanted to get the basic http auth for those who are not within
> allowed ip ranges you need to add 'satisfy any;' directive [1]
>
> Also:
> error_page 403 /usr/share/nginx/html/403.html; <- error_page needs a
> relative uri not a full path in filesystem this is why nginx also returns
> 404 (as it can't find the error page) instead of 403 forbidden.
>
> If /usr/share/nginx/html is your default nginx webroot you can just
> specify:
>
> error_page 403 /403.html;
>
> If you store your error pages in different webroot add something like this:
>
> location /403.html {
> root /usr/share/nginx/html;
> }
>
> Also your attached configuration has duplicate 'location /' directives.
> Nginx should complain about invalid configuration. Are you sure you are
> testing correctly?
>
> [1] http://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy
>
> rr
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>


--
Regards,
Sandeep
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx