Hello! On Tue, Apr 25, 2017 at 12:50:24PM -0700, Igal @ Lucee.org wrote:
> Hello, > > I want to secure a site using the allow/deny directives so that only > allowed networks will be able to access it. There is one "public" > directory, however, that I want to be accessible for everyone. > > nginx serves as a reverse proxy on that site, and requests for URIs that > end with the suffix ".cfm" are proxied to Tomcat. > > So I currently have something like: > > location / { > allow 10.0.0.0/24; > deny all; > } > > location /public/ { > allow all; # does that make sense? > } > > location ~ \.cfm$ { > ## proxy settings go here > } > > Keep in mind that .cfm scripts are both in /public/ as well as in other > directories. > > How can I achieve that? Try this instead: location / { allow ... deny all; location ~ \.cfm$ { ... } } location /public/ { # access allowed to all by default - unless there is # something restrictive defined on previous levels location ~ \.cfm$ { ... } } You may also find this talk interesting: https://youtu.be/YWRYbLKsS0I -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx