I've used this for traversal tests, but my experience is the false positive rate is very high. I ended up writing some rules to filter the test.

https://github.com/wireghoul/dotdotpwn

From: li...@lazygranch.com
Sent: Friday, May 19, 2017 3:00 PM
To: nginx
Reply To: nginx@nginx.org
Subject: Re: How to restrict acces to specific friendly URL by IP in Wordpress site?

My experience with deny in nginx is the URL isn't hidden. That is, I think a crawler will see the "secret" location. Can you set this up for the 444 code, that is, no reply?

Rethinking this, I suppose if the webserver has no traversal issues, I guess this would be secure. But it wouldn't surprise me if some bot looks for /secret.


From: Alex Samad
Sent: Friday, May 19, 2017 2:37 PM
To: nginx
Reply To: nginx@nginx.org
Subject: Re: How to restrict acces to specific friendly URL by IP in Wordpress site?

wouldn't you use

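location /secret-page/ {
  # access rules are checked in order and the first match wins,
  # so the allow has to come before the catch-all deny
  allow 1.1.1.1/32;
  deny all;
}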

a

On 19 May 2017 at 17:24, ohmykot <nginx-fo...@forum.nginx.org> wrote:
Hi!
I've got a server with nginx and a wordpress website running on it.

On the web-site, I have a wordpress page, i.e. domain.com/secret-page/, that
I want to restrict access to everybody but 1 specific IP address of my other
server.

As this page is not a real physical directory, but just a friendly URL - I
got stuck. I don't have previous experience configuring nginx, but I tried
hard to google the possible solution.

What I tried so far in my website config:
[code]
location ~* ^/secret-page/ {
allow 1.1.1.1;
deny all;
}
[/code]

But this didn't work. It returns 404 error when I try to open this page from
allowed IP. Looks like it tried to find the real file or directory
/secret-page/ rather than return a friendly URL page if I got it right.

Can you help me please?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274314,274314#msg-274314

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
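
The 404 described in the original question happens because a request that matches the restricted location is handled with that location's directives only, so without a `try_files` fallback nginx looks for a static file instead of passing the request to WordPress. The following is an added example, not configuration posted by anyone in the thread; it assumes a typical WordPress server block that already has a `location ~ \.php$` block handing requests to PHP-FPM, and `$secret_page_allowed` is a hypothetical variable name.

```nginx
# Added example. 1.1.1.1 is the placeholder address used in the thread.

# http {} context. Only needed for the 444 variant described further down.
geo $secret_page_allowed {
    default     0;
    1.1.1.1/32  1;
}

server {
    # ... existing listen / server_name / root / index directives ...

    # Usual WordPress front controller for every other URL.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # "^~" makes this prefix match final, so a regex location elsewhere in
    # the server block (for example one for static assets) cannot take over
    # the request and skip the access rules.
    location ^~ /secret-page/ {
        # Rules are evaluated in order; the first match decides.
        allow 1.1.1.1/32;
        deny  all;          # everyone else receives 403

        # The access phase runs before try_files, so denied clients never
        # reach this line. Allowed clients are redirected internally to
        # index.php, which renders the friendly URL.
        try_files $uri $uri/ /index.php?$args;

        # 444 variant (close the connection without any response):
        # remove the allow/deny pair above and use the geo flag instead.
        #
        #   if ($secret_page_allowed = 0) {
        #       return 444;
        #   }
    }
}
```

nginx applies these rules by request URI, so they cover only URLs that begin with `/secret-page/`; any other URL that WordPress maps to the same page needs its own rule or an application-level check.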


