Re: Nginx Directory Listing - Restrict by IP Address

Fri, 18 May 2018 05:17:38 -0700 

Hello, guys.

I think, you can try something like this:

location = /downloads/ {
    root /downloads/;
    allow 1.1.1.1;
    autoindex on;
}
location /downloads/ {
    root /downloads/;
}

This will work nicely if you don't need subdirectories.
If you need those, you can use a rewrite like:

map $remote_addr $forbidlisting {
    default 1;
    1.1.1.1 0;
}
location /downloads/ {
    root /downloads/;
    autoindex on;
    if ($forbidlisting) {
        rewrite /downloads(.*) /noindex_downloads$1 last;
    }
}
location /noindex_downloads/ {
    internal;
    root /downloads/;
}


On 18.05.2018 14:17, Friscia, Michael wrote:


I think you need to change this a little

map $remote_addr $allowed {
    default         “off”;
    1.1.1.1         “on”;
    2.2.2.2         “on:;
}

and then in in the download location block

 autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs. 

___________________________________________

Michael Friscia

Office of Communications

Yale School of Medicine

(203) 737-7932 - office

(203) 931-5381 - mobile

http://web.yale.edu <http://web.yale.edu/>
*From: *nginx <nginx-boun...@nginx.org> on behalf of PRAJITH <prajithpalakk...@gmail.com> 
*Reply-To: *"nginx@nginx.org" <nginx@nginx.org>
*Date: *Friday, May 18, 2018 at 2:16 AM
*To: *"nginx@nginx.org" <nginx@nginx.org>
*Subject: *Re: Nginx Directory Listing - Restrict by IP Address

Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>. if you want to allow multiple IP addresses, it might be better idea to use map. eg: 

map $remote_addr $allowed {
    default         0;
    1.1.1.1         1;
    2.2.2.2         1;
}

and then in in the download location block

 if ($allowed = 1) {
        autoindex on;
}

Thanks,

Prajith
On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com<mailto:satcs...@gmail.com>> wrote: 

    Hi Team,

    We have a requirement to allow directory listing from few servers
    and disallow from other ip addresses and all IP addresses should
    be able to download all files inside the directory.

    Can somebody provide the correct nginx config for the same.

    |location / {|

    |root /downloads;|

    |autoindex on;|

    |allow 1.1.1.1;|

    |deny all;|

    |}|

    If I use the above config, only on 1.1.1.1 IP address can
    directory list from this server and can file download but from
    other IP addresses download shows forbidden, due to IP address
    restriction

    Is there a way to overcome this issue, thanks.


    Thanks & Regards
    Sathish.V


    _______________________________________________
    nginx mailing list
    nginx@nginx.org<mailto:nginx@nginx.org>
    
http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx




_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to