editing a general location match to exclude one, specific instance?

I run nginx 1.18.0.

I've had a trivial 'protection' rule in place for a long time

        location ~* 
(gulpfile\.js|settings.php|readme|schema|htpasswd|password|config) {
                deny all;
        }

That hasn't caused me any particular problems.

Recently, I've added a proxied back end app.

In logs I see

        ==> /var/log/nginx/auth.example1.com.error.log <==
         2020/05/12 22:16:39 [error] 57803#57803: *1 access forbidden by rule,
         client: 10.10.10.10, server: testapp.example1.com, request: "GET 
/api/configuration HTTP/2.0",
         host: "testapp.example1.com", referrer: 
"https://testapp.example1.com/?rd=https://example2.net/app2";

removing the "config" match from the protection rule,

-       location ~* 
(gulpfile\.js|settings.php|readme|schema|htpasswd|password|config) {
+       location ~* (gulpfile\.js|settings.php|readme|schema|htpasswd|password) 
{

eliminates the problem.

I'd like to edit the match to PASS that^ logged match -- as 
specifically/uniquely as possible -- but CONTINUE to 'deny all' for all 
other/remaining matches on "config".

How would that best be done?  A preceding location match? Or editing the 
existing one?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply via email to