Re: Nginx Directory Listing - Restrict by IP Address
/; >>>> autoindex on; >>>> if ($forbidlisting) { >>>> rewrite /downloads(.*) /noindex_downloads$1 last; >>>> } >>>> } >>>> location /noindex_downloads/ { >>>> internal; >>>> root /downloads/; >>>> } >>>> >>>> >>>> On 18.05.2018 14:17, Friscia, Michael wrote: >>>> >>>> I think you need to change this a little >>>> >>>> >>>> >>>> map $remote_addr $allowed { >>>> default “off”; >>>> 1.1.1.1 “on”; >>>> 2.2.2.2 “on:; >>>> } >>>> >>>> and then in in the download location block >>>> >>>> autoindex $allowed; >>>> >>>> I use similar logic on different variables and try at all costs to >>>> avoid IF statements anywhere in the configs. >>>> >>>> >>>> >>>> ___ >>>> >>>> Michael Friscia >>>> >>>> Office of Communications >>>> >>>> Yale School of Medicine >>>> >>>> (203) 737-7932 - office >>>> >>>> (203) 931-5381 - mobile >>>> >>>> http://web.yale.edu >>>> >>>> >>>> >>>> *From: *nginx <nginx-boun...@nginx.org> <nginx-boun...@nginx.org> on >>>> behalf of PRAJITH <prajithpalakk...@gmail.com> >>>> <prajithpalakk...@gmail.com> >>>> *Reply-To: *"nginx@nginx.org" <nginx@nginx.org> <nginx@nginx.org> >>>> <nginx@nginx.org> >>>> *Date: *Friday, May 18, 2018 at 2:16 AM >>>> *To: *"nginx@nginx.org" <nginx@nginx.org> <nginx@nginx.org> >>>> <nginx@nginx.org> >>>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address >>>> >>>> >>>> >>>> Hi Satish, >>>> >>>> There are "if" constructs in nginx, please check http://nginx.org/r/if >>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. >>>> if you want to allow multiple IP addresses, it might be better idea to use >>>> map. eg: >>>> >>>> map $remote_addr $allowed { >>>> default 0; >>>> 1.1.1.1 1; >>>> 2.2.2.2 1; >>>> } >>>> >>>> and then in in the download location block >>>> >>>> if ($allowed = 1) { >>>> autoindex on; >>>> } >>>> >>>> Thanks, >>>> >>>> Prajith >>>> >>>> >>>> >>>> On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com> wrote: >>>> >>>> Hi Team, >>>> >>>> We have a requirement to allow directory listing from few servers and >>>> disallow from other ip addresses and all IP addresses should be able to >>>> download all files inside the directory. >>>> >>>> Can somebody provide the correct nginx config for the same. >>>> >>>> location / { >>>> >>>> root /downloads; >>>> >>>> autoindex on; >>>> >>>> allow 1.1.1.1; >>>> >>>> deny all; >>>> >>>> } >>>> >>>> If I use the above config, only on 1.1.1.1 IP address can directory >>>> list from this server and can file download but from other IP addresses >>>> download shows forbidden, due to IP address restriction >>>> >>>> Is there a way to overcome this issue, thanks. >>>> >>>> >>>> Thanks & Regards >>>> Sathish.V >>>> >>>> >>>> ___ >>>> nginx mailing list >>>> nginx@nginx.org >>>> http://mailman.nginx.org/mailman/listinfo/nginx >>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk=> >>>> >>>> >>>> >>>> >>>> ___ >>>> nginx mailing >>>> listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx >>>> >>>> >>>> ___ >>>> nginx mailing list >>>> nginx@nginx.org >>>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >>> >>> >>> ___ >>> nginx mailing >>> listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx >>> >>> >>> ___ >>> nginx mailing list >>> nginx@nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> >> ___ >> nginx mailing >> listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx >> >> >> ___ >> nginx mailing list >> nginx@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hi Igor, I tried your config and getting error, can you help me. location / { alias /downloads/; root /data/files; autoindex on; if ($forbidlisting) { rewrite ^/(.*) /noindex_root/$1 last; } } location /noindex_root/ { internal; alias /downloads/; } nginx: [emerg] "root" directive is duplicate, "alias" directive was specified earlier in domain.conf Thanks & Regards Sathish.V On Sat, May 19, 2018 at 1:03 AM Igor A. Ippolitov <iippoli...@nginx.com> wrote: > This works for me: > > > location / { > alias /downloads/; > autoindex on; > if ($forbidlisting) { > rewrite ^/(.*) /noindex_root/$1 last; > } > } > location /noindex_root/ { > internal; > alias /downloads/; > } > > > > On 18.05.2018 19:32, Sathish Kumar wrote: > > Hi, > > I am doing for location /, in that case how will have to change the below > portion. > > location /downloads { > alias /downloads/; > autoindex on; > if ($forbidlisting) { > rewrite /downloads(.*) /noindex_downloads/$1 last; > } > } > location /noindex_downloads/ { > internal; > alias /downloads/; > } > > > > On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <iippoli...@nginx.com> > wrote: > >> Sathish, >> >> I made a couple of minor mistakes. >> >> Please, try following configuration: >> >> >> map $remote_addr $forbidlisting { >> default 1; >> 1.1.1.1 0; >> } >> location /downloads { >> alias /downloads/; >> autoindex on; >> if ($forbidlisting) { >> rewrite /downloads(.*) /noindex_downloads/$1 last; >> } >> } >> location /noindex_downloads/ { >> internal; >> alias /downloads/; >> } >> >> >> I tried it and it works for me. >> >> >> On 18.05.2018 16:01, Sathish Kumar wrote: >> >> Hi, >> >> Tried this option it throws rewrite error and am not able to download >> file from non whitelisted ip addresses. >> >> >> ERROR: >> rewrite or internal redirection cycle while processing >> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", >> client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip >> >> >> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippoli...@nginx.com> >> wrote: >> >>> Hello, guys. >>> >>> I think, you can try something like this: >>> >>> location = /downloads/ { >>> root /downloads/; >>> allow 1.1.1.1; >>> autoindex on; >>> } >>> location /downloads/ { >>> root /downloads/; >>> } >>> >>> This will work nicely if you don't need subdirectories. >>> If you need those, you can use a rewrite like: >>> >>> map $remote_addr $forbidlisting { >>> default 1; >>> 1.1.1.1 0; >>> } >>> location /downloads/ { >>> root /downloads/; >>> autoindex on; >>> if ($forbidlisting) { >>> rewrite /downloads(.*) /noindex_downloads$1 last; >>> } >>> } >>> location /noindex_downloads/ { >>> internal; >>> root /downloads/; >>> } >>> >>> >>> On 18.05.2018 14:17, Friscia, Michael wrote: >>> >>> I think you need to change this a little >>> >>> >>> >>> map $remote_addr $allowed { >>> default “off”; >>> 1.1.1.1 “on”; >>> 2.2.2.2 “on:; >>> } >>> >>> and then in in the download location block >>> >>> autoindex $allowed; >>> >>> I use similar logic on different variables and try at all costs to avoid >>> IF statements anywhere in the configs. >>> >>> >>> >>> ___ >>> >>> Michael Friscia >>> >>> Office of Communications >>> >>> Yale School of Medicine >>> >>> (203) 737-7932 - office >>> >>> (203) 931-5381 - mobile >>> >>> http://web.yale.edu >>> >>> >>> >>> *From: *nginx <nginx-boun...@nginx.org> <nginx-boun...@nginx.org> on >>> beha
Re: Nginx Directory Listing - Restrict by IP Address
This works for me: location / { alias /downloads/; autoindex on; if ($forbidlisting) { rewrite ^/(.*) /noindex_root/$1 last; } } location /noindex_root/ { internal; alias /downloads/; } On 18.05.2018 19:32, Sathish Kumar wrote: Hi, I am doing for location /, in that case how will have to change the below portion. location /downloads { alias /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads/$1 last; } } location /noindex_downloads/ { internal; alias /downloads/; } On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <iippoli...@nginx.com <mailto:iippoli...@nginx.com>> wrote: Sathish, I made a couple of minor mistakes. Please, try following configuration: map $remote_addr $forbidlisting { default 1; 1.1.1.1 0; } location /downloads { alias /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads/$1 last; } } location /noindex_downloads/ { internal; alias /downloads/; } I tried it and it works for me. On 18.05.2018 16:01, Sathish Kumar wrote: Hi, Tried this option it throws rewrite error and am not able to download file from non whitelisted ip addresses. ERROR: rewrite or internal redirection cycle while processing "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", client: 3.3.3.3, server: abc.com <http://abc.com>, request: "GET /Downloads/abcd/file.zip On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippoli...@nginx.com <mailto:iippoli...@nginx.com>> wrote: Hello, guys. I think, you can try something like this: location = /downloads/ { root /downloads/; allow 1.1.1.1; autoindex on; } location /downloads/ { root /downloads/; } This will work nicely if you don't need subdirectories. If you need those, you can use a rewrite like: map $remote_addr $forbidlisting { default 1; 1.1.1.1 0; } location /downloads/ { root /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads$1 last; } } location /noindex_downloads/ { internal; root /downloads/; } On 18.05.2018 14:17, Friscia, Michael wrote: I think you need to change this a little map $remote_addr $allowed { default “off”; 1.1.1.1 “on”; 2.2.2.2 “on:; } and then in in the download location block autoindex $allowed; I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs. ___ Michael Friscia Office of Communications Yale School of Medicine (203) 737-7932 - office (203) 931-5381 - mobile http://web.yale.edu <http://web.yale.edu/> *From: *nginx <nginx-boun...@nginx.org> <mailto:nginx-boun...@nginx.org> on behalf of PRAJITH <prajithpalakk...@gmail.com> <mailto:prajithpalakk...@gmail.com> *Reply-To: *"nginx@nginx.org" <mailto:nginx@nginx.org> <nginx@nginx.org> <mailto:nginx@nginx.org> *Date: *Friday, May 18, 2018 at 2:16 AM *To: *"nginx@nginx.org" <mailto:nginx@nginx.org> <nginx@nginx.org> <mailto:nginx@nginx.org> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address Hi Satish, There are "if" constructs in nginx, please check http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. if you want to allow multiple IP addresses, it might be better idea to use map. eg: map $remote_addr $allowed { default 0; 1.1.1.1 1; 2.2.2.2 1; } and then in in the download location block if ($allowed = 1) { autoindex on; } Thanks, Prajith On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com<mailto:satcs
Re: Nginx Directory Listing - Restrict by IP Address
On Fri, May 18, 2018 at 08:05:34AM +0800, Sathish Kumar wrote: Hi there, > We have a requirement to allow directory listing from few servers and > disallow from other ip addresses and all IP addresses should be able to > download all files inside the directory. "Directory listings" is presumably only relevant when the request url ends in /. So if you have "autoindex on", then all you need to do is disallow some IP addresses from accessing those urls. > location / { > root /downloads; > autoindex on; > allow 1.1.1.1; > deny all; > } Replace the allow/deny part with location ~ /$ { allow 1.1.1.1; deny all; } and it should do what you want. The end result is: request ends in / --> check the allow list; otherwise, allow as normal. f -- Francis Dalyfran...@daoine.org ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hi, I am doing for location /, in that case how will have to change the below portion. location /downloads { alias /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads/$1 last; } } location /noindex_downloads/ { internal; alias /downloads/; } On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <iippoli...@nginx.com> wrote: > Sathish, > > I made a couple of minor mistakes. > > Please, try following configuration: > > > map $remote_addr $forbidlisting { > default 1; > 1.1.1.1 0; > } > location /downloads { > alias /downloads/; > autoindex on; > if ($forbidlisting) { > rewrite /downloads(.*) /noindex_downloads/$1 last; > } > } > location /noindex_downloads/ { > internal; > alias /downloads/; > } > > > I tried it and it works for me. > > > On 18.05.2018 16:01, Sathish Kumar wrote: > > Hi, > > Tried this option it throws rewrite error and am not able to download file > from non whitelisted ip addresses. > > > ERROR: > rewrite or internal redirection cycle while processing > "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", > client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip > > > On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippoli...@nginx.com> > wrote: > >> Hello, guys. >> >> I think, you can try something like this: >> >> location = /downloads/ { >> root /downloads/; >> allow 1.1.1.1; >> autoindex on; >> } >> location /downloads/ { >> root /downloads/; >> } >> >> This will work nicely if you don't need subdirectories. >> If you need those, you can use a rewrite like: >> >> map $remote_addr $forbidlisting { >> default 1; >> 1.1.1.1 0; >> } >> location /downloads/ { >> root /downloads/; >> autoindex on; >> if ($forbidlisting) { >> rewrite /downloads(.*) /noindex_downloads$1 last; >> } >> } >> location /noindex_downloads/ { >> internal; >> root /downloads/; >> } >> >> >> On 18.05.2018 14:17, Friscia, Michael wrote: >> >> I think you need to change this a little >> >> >> >> map $remote_addr $allowed { >> default “off”; >> 1.1.1.1 “on”; >> 2.2.2.2 “on:; >> } >> >> and then in in the download location block >> >> autoindex $allowed; >> >> I use similar logic on different variables and try at all costs to avoid >> IF statements anywhere in the configs. >> >> >> >> ___ >> >> Michael Friscia >> >> Office of Communications >> >> Yale School of Medicine >> >> (203) 737-7932 - office >> >> (203) 931-5381 - mobile >> >> http://web.yale.edu >> >> >> >> *From: *nginx <nginx-boun...@nginx.org> <nginx-boun...@nginx.org> on >> behalf of PRAJITH <prajithpalakk...@gmail.com> >> <prajithpalakk...@gmail.com> >> *Reply-To: *"nginx@nginx.org" <nginx@nginx.org> <nginx@nginx.org> >> <nginx@nginx.org> >> *Date: *Friday, May 18, 2018 at 2:16 AM >> *To: *"nginx@nginx.org" <nginx@nginx.org> <nginx@nginx.org> >> <nginx@nginx.org> >> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address >> >> >> >> Hi Satish, >> >> There are "if" constructs in nginx, please check http://nginx.org/r/if >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. >> if you want to allow multiple IP addresses, it might be better idea to use >> map. eg: >> >> map $remote_addr $allowed { >> default 0; >> 1.1.1.1 1; >> 2.2.2.2 1; >> } >> >> and then in in the download location block >> >> if ($allowed = 1) { >> autoindex on; >> } >> >> Thanks, >> >> Prajith >> >> >> >> On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com> wrote: >> >> Hi Team, >> >> We h
Re: Nginx Directory Listing - Restrict by IP Address
Sathish, I made a couple of minor mistakes. Please, try following configuration: map $remote_addr $forbidlisting { default 1; 1.1.1.1 0; } location /downloads { alias /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads/$1 last; } } location /noindex_downloads/ { internal; alias /downloads/; } I tried it and it works for me. On 18.05.2018 16:01, Sathish Kumar wrote: Hi, Tried this option it throws rewrite error and am not able to download file from non whitelisted ip addresses. ERROR: rewrite or internal redirection cycle while processing "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", client: 3.3.3.3, server: abc.com <http://abc.com>, request: "GET /Downloads/abcd/file.zip On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippoli...@nginx.com <mailto:iippoli...@nginx.com>> wrote: Hello, guys. I think, you can try something like this: location = /downloads/ { root /downloads/; allow 1.1.1.1; autoindex on; } location /downloads/ { root /downloads/; } This will work nicely if you don't need subdirectories. If you need those, you can use a rewrite like: map $remote_addr $forbidlisting { default 1; 1.1.1.1 0; } location /downloads/ { root /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads$1 last; } } location /noindex_downloads/ { internal; root /downloads/; } On 18.05.2018 14:17, Friscia, Michael wrote: I think you need to change this a little map $remote_addr $allowed { default “off”; 1.1.1.1 “on”; 2.2.2.2 “on:; } and then in in the download location block autoindex $allowed; I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs. ___ Michael Friscia Office of Communications Yale School of Medicine (203) 737-7932 - office (203) 931-5381 - mobile http://web.yale.edu <http://web.yale.edu/> *From: *nginx <nginx-boun...@nginx.org> <mailto:nginx-boun...@nginx.org> on behalf of PRAJITH <prajithpalakk...@gmail.com> <mailto:prajithpalakk...@gmail.com> *Reply-To: *"nginx@nginx.org" <mailto:nginx@nginx.org> <nginx@nginx.org> <mailto:nginx@nginx.org> *Date: *Friday, May 18, 2018 at 2:16 AM *To: *"nginx@nginx.org" <mailto:nginx@nginx.org> <nginx@nginx.org> <mailto:nginx@nginx.org> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address Hi Satish, There are "if" constructs in nginx, please check http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. if you want to allow multiple IP addresses, it might be better idea to use map. eg: map $remote_addr $allowed { default 0; 1.1.1.1 1; 2.2.2.2 1; } and then in in the download location block if ($allowed = 1) { autoindex on; } Thanks, Prajith On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com<mailto:satcs...@gmail.com>> wrote: Hi Team, We have a requirement to allow directory listing from few servers and disallow from other ip addresses and all IP addresses should be able to download all files inside the directory. Can somebody provide the correct nginx config for the same. |location / {| |root /downloads;| |autoindex on;| |allow 1.1.1.1;| |deny all;| |}| If I use the above config, only on 1.1.1.1 IP address can directory list from this server and can file download but from other IP addresses download shows forbidden, due to IP address restriction Is there a way to overcome this issue, thanks. Thanks & Regards Sathish.V ___ nginx mailing list nginx@nginx.org<mailto:nginx@nginx.org> http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkT
Re: Nginx Directory Listing - Restrict by IP Address
Since this requires more logic, I think you can implement this in an application server / server-side scripting like php/python etc your application must verify the IP address and list files rather than web server On Fri, May 18, 2018 at 6:25 PM, Sathish Kumar <satcs...@gmail.com> wrote: > Hi, > > I tried this option but it says autoindex need to be on or off and it's > not accepting a variable. > > > [emerg] invalid value "$allowed" in "autoindex" directive, it must be "on" > or "off" in domain.conf > > > On Fri, May 18, 2018, 7:18 PM Friscia, Michael <michael.fris...@yale.edu> > wrote: > >> I think you need to change this a little >> >> >> >> map $remote_addr $allowed { >> default “off”; >> 1.1.1.1 “on”; >> 2.2.2.2 “on:; >> } >> >> and then in in the download location block >> >> autoindex $allowed; >> >> I use similar logic on different variables and try at all costs to avoid >> IF statements anywhere in the configs. >> >> >> >> ___ >> >> Michael Friscia >> >> Office of Communications >> >> Yale School of Medicine >> >> (203) 737-7932 - office >> >> (203) 931-5381 - mobile >> >> http://web.yale.edu >> >> >> >> *From: *nginx <nginx-boun...@nginx.org> on behalf of PRAJITH < >> prajithpalakk...@gmail.com> >> *Reply-To: *"nginx@nginx.org" <nginx@nginx.org> >> *Date: *Friday, May 18, 2018 at 2:16 AM >> *To: *"nginx@nginx.org" <nginx@nginx.org> >> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address >> >> >> >> Hi Satish, >> >> There are "if" constructs in nginx, please check http://nginx.org/r/if >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. >> if you want to allow multiple IP addresses, it might be better idea to use >> map. eg: >> >> map $remote_addr $allowed { >> default 0; >> 1.1.1.1 1; >> 2.2.2.2 1; >> } >> >> and then in in the download location block >> >> if ($allowed = 1) { >> autoindex on; >> } >> >> Thanks, >> >> Prajith >> >> >> >> On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com> wrote: >> >> Hi Team, >> >> We have a requirement to allow directory listing from few servers and >> disallow from other ip addresses and all IP addresses should be able to >> download all files inside the directory. >> >> Can somebody provide the correct nginx config for the same. >> >> location / { >> >> root /downloads; >> >> autoindex on; >> >> allow 1.1.1.1; >> >> deny all; >> >> } >> >> If I use the above config, only on 1.1.1.1 IP address can directory list >> from this server and can file download but from other IP addresses download >> shows forbidden, due to IP address restriction >> >> Is there a way to overcome this issue, thanks. >> >> >> Thanks & Regards >> Sathish.V >> >> >> ___ >> nginx mailing list >> nginx@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk=> >> >> >> ___ >> nginx mailing list >> nginx@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- *Anoop P Alias* ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hi, Tried this option it throws rewrite error and am not able to download file from non whitelisted ip addresses. ERROR: rewrite or internal redirection cycle while processing "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippoli...@nginx.com> wrote: > Hello, guys. > > I think, you can try something like this: > > location = /downloads/ { > root /downloads/; > allow 1.1.1.1; > autoindex on; > } > location /downloads/ { > root /downloads/; > } > > This will work nicely if you don't need subdirectories. > If you need those, you can use a rewrite like: > > map $remote_addr $forbidlisting { > default 1; > 1.1.1.1 0; > } > location /downloads/ { > root /downloads/; > autoindex on; > if ($forbidlisting) { > rewrite /downloads(.*) /noindex_downloads$1 last; > } > } > location /noindex_downloads/ { > internal; > root /downloads/; > } > > > On 18.05.2018 14:17, Friscia, Michael wrote: > > I think you need to change this a little > > > > map $remote_addr $allowed { > default “off”; > 1.1.1.1 “on”; > 2.2.2.2 “on:; > } > > and then in in the download location block > > autoindex $allowed; > > I use similar logic on different variables and try at all costs to avoid > IF statements anywhere in the configs. > > > > ___ > > Michael Friscia > > Office of Communications > > Yale School of Medicine > > (203) 737-7932 - office > > (203) 931-5381 - mobile > > http://web.yale.edu > > > > *From: *nginx <nginx-boun...@nginx.org> <nginx-boun...@nginx.org> on > behalf of PRAJITH <prajithpalakk...@gmail.com> > <prajithpalakk...@gmail.com> > *Reply-To: *"nginx@nginx.org" <nginx@nginx.org> <nginx@nginx.org> > <nginx@nginx.org> > *Date: *Friday, May 18, 2018 at 2:16 AM > *To: *"nginx@nginx.org" <nginx@nginx.org> <nginx@nginx.org> > <nginx@nginx.org> > *Subject: *Re: Nginx Directory Listing - Restrict by IP Address > > > > Hi Satish, > > There are "if" constructs in nginx, please check http://nginx.org/r/if > <https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. > if you want to allow multiple IP addresses, it might be better idea to use > map. eg: > > map $remote_addr $allowed { > default 0; > 1.1.1.1 1; > 2.2.2.2 1; > } > > and then in in the download location block > > if ($allowed = 1) { > autoindex on; > } > > Thanks, > > Prajith > > > > On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com> wrote: > > Hi Team, > > We have a requirement to allow directory listing from few servers and > disallow from other ip addresses and all IP addresses should be able to > download all files inside the directory. > > Can somebody provide the correct nginx config for the same. > > location / { > > root /downloads; > > autoindex on; > > allow 1.1.1.1; > > deny all; > > } > > If I use the above config, only on 1.1.1.1 IP address can directory list > from this server and can file download but from other IP addresses download > shows forbidden, due to IP address restriction > > Is there a way to overcome this issue, thanks. > > > Thanks & Regards > Sathish.V > > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk=> > > > > > ___ > nginx mailing > listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx > > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hi, I tried this option but it says autoindex need to be on or off and it's not accepting a variable. [emerg] invalid value "$allowed" in "autoindex" directive, it must be "on" or "off" in domain.conf On Fri, May 18, 2018, 7:18 PM Friscia, Michael <michael.fris...@yale.edu> wrote: > I think you need to change this a little > > > > map $remote_addr $allowed { > default “off”; > 1.1.1.1 “on”; > 2.2.2.2 “on:; > } > > and then in in the download location block > > autoindex $allowed; > > I use similar logic on different variables and try at all costs to avoid > IF statements anywhere in the configs. > > > > ___ > > Michael Friscia > > Office of Communications > > Yale School of Medicine > > (203) 737-7932 - office > > (203) 931-5381 - mobile > > http://web.yale.edu > > > > *From: *nginx <nginx-boun...@nginx.org> on behalf of PRAJITH < > prajithpalakk...@gmail.com> > *Reply-To: *"nginx@nginx.org" <nginx@nginx.org> > *Date: *Friday, May 18, 2018 at 2:16 AM > *To: *"nginx@nginx.org" <nginx@nginx.org> > *Subject: *Re: Nginx Directory Listing - Restrict by IP Address > > > > Hi Satish, > > There are "if" constructs in nginx, please check http://nginx.org/r/if > <https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. > if you want to allow multiple IP addresses, it might be better idea to use > map. eg: > > map $remote_addr $allowed { > default 0; > 1.1.1.1 1; > 2.2.2.2 1; > } > > and then in in the download location block > > if ($allowed = 1) { > autoindex on; > } > > Thanks, > > Prajith > > > > On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com> wrote: > > Hi Team, > > We have a requirement to allow directory listing from few servers and > disallow from other ip addresses and all IP addresses should be able to > download all files inside the directory. > > Can somebody provide the correct nginx config for the same. > > location / { > > root /downloads; > > autoindex on; > > allow 1.1.1.1; > > deny all; > > } > > If I use the above config, only on 1.1.1.1 IP address can directory list > from this server and can file download but from other IP addresses download > shows forbidden, due to IP address restriction > > Is there a way to overcome this issue, thanks. > > > Thanks & Regards > Sathish.V > > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > <https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk=> > > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hello, guys. I think, you can try something like this: location = /downloads/ { root /downloads/; allow 1.1.1.1; autoindex on; } location /downloads/ { root /downloads/; } This will work nicely if you don't need subdirectories. If you need those, you can use a rewrite like: map $remote_addr $forbidlisting { default 1; 1.1.1.1 0; } location /downloads/ { root /downloads/; autoindex on; if ($forbidlisting) { rewrite /downloads(.*) /noindex_downloads$1 last; } } location /noindex_downloads/ { internal; root /downloads/; } On 18.05.2018 14:17, Friscia, Michael wrote: I think you need to change this a little map $remote_addr $allowed { default “off”; 1.1.1.1 “on”; 2.2.2.2 “on:; } and then in in the download location block autoindex $allowed; I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs. ___ Michael Friscia Office of Communications Yale School of Medicine (203) 737-7932 - office (203) 931-5381 - mobile http://web.yale.edu <http://web.yale.edu/> *From: *nginx <nginx-boun...@nginx.org> on behalf of PRAJITH <prajithpalakk...@gmail.com> *Reply-To: *"nginx@nginx.org" <nginx@nginx.org> *Date: *Friday, May 18, 2018 at 2:16 AM *To: *"nginx@nginx.org" <nginx@nginx.org> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address Hi Satish, There are "if" constructs in nginx, please check http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. if you want to allow multiple IP addresses, it might be better idea to use map. eg: map $remote_addr $allowed { default 0; 1.1.1.1 1; 2.2.2.2 1; } and then in in the download location block if ($allowed = 1) { autoindex on; } Thanks, Prajith On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com<mailto:satcs...@gmail.com>> wrote: Hi Team, We have a requirement to allow directory listing from few servers and disallow from other ip addresses and all IP addresses should be able to download all files inside the directory. Can somebody provide the correct nginx config for the same. |location / {| |root /downloads;| |autoindex on;| |allow 1.1.1.1;| |deny all;| |}| If I use the above config, only on 1.1.1.1 IP address can directory list from this server and can file download but from other IP addresses download shows forbidden, due to IP address restriction Is there a way to overcome this issue, thanks. Thanks & Regards Sathish.V ___ nginx mailing list nginx@nginx.org<mailto:nginx@nginx.org> http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk=> ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
I think you need to change this a little map $remote_addr $allowed { default “off”; 1.1.1.1 “on”; 2.2.2.2 “on:; } and then in in the download location block autoindex $allowed; I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs. ___ Michael Friscia Office of Communications Yale School of Medicine (203) 737-7932 - office (203) 931-5381 - mobile http://web.yale.edu<http://web.yale.edu/> From: nginx <nginx-boun...@nginx.org> on behalf of PRAJITH <prajithpalakk...@gmail.com> Reply-To: "nginx@nginx.org" <nginx@nginx.org> Date: Friday, May 18, 2018 at 2:16 AM To: "nginx@nginx.org" <nginx@nginx.org> Subject: Re: Nginx Directory Listing - Restrict by IP Address Hi Satish, There are "if" constructs in nginx, please check http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M=>. if you want to allow multiple IP addresses, it might be better idea to use map. eg: map $remote_addr $allowed { default 0; 1.1.1.1 1; 2.2.2.2 1; } and then in in the download location block if ($allowed = 1) { autoindex on; } Thanks, Prajith On 18 May 2018 at 05:35, Sathish Kumar <satcs...@gmail.com<mailto:satcs...@gmail.com>> wrote: Hi Team, We have a requirement to allow directory listing from few servers and disallow from other ip addresses and all IP addresses should be able to download all files inside the directory. Can somebody provide the correct nginx config for the same. location / { root /downloads; autoindex on; allow 1.1.1.1; deny all; } If I use the above config, only on 1.1.1.1 IP address can directory list from this server and can file download but from other IP addresses download shows forbidden, due to IP address restriction Is there a way to overcome this issue, thanks. Thanks & Regards Sathish.V ___ nginx mailing list nginx@nginx.org<mailto:nginx@nginx.org> http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx=DwMFaQ=cjytLXgP8ixuoHflwc-poQ=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk=> ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hi Prajith, I had tried this option but autoindex is not allowed under if statement. location / { root /downloads; if ($allowed = 1) { autoindex on; } } Error: "autoindex" directive is not allowed here in domain.conf Thanks & Regards Sathish.V On Fri, May 18, 2018 at 2:16 PM PRAJITHwrote: > Hi Satish, > > There are "if" constructs in nginx, please check http://nginx.org/r/if. > if you want to allow multiple IP addresses, it might be better idea to use > map. eg: > > map $remote_addr $allowed { > default 0; > 1.1.1.1 1; > 2.2.2.2 1; > } > > and then in in the download location block > > if ($allowed = 1) { > autoindex on; > } > > Thanks, > Prajith > > On 18 May 2018 at 05:35, Sathish Kumar wrote: > >> Hi Team, >> >> We have a requirement to allow directory listing from few servers and >> disallow from other ip addresses and all IP addresses should be able to >> download all files inside the directory. >> >> Can somebody provide the correct nginx config for the same. >> >> location / { >> root /downloads; >> autoindex on; >> allow 1.1.1.1; >> deny all; >> } >> >> If I use the above config, only on 1.1.1.1 IP address can directory list >> from this server and can file download but from other IP addresses download >> shows forbidden, due to IP address restriction >> >> Is there a way to overcome this issue, thanks. >> >> Thanks & Regards >> Sathish.V >> >> ___ >> nginx mailing list >> nginx@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Directory Listing - Restrict by IP Address
Hi Satish, There are "if" constructs in nginx, please check http://nginx.org/r/if. if you want to allow multiple IP addresses, it might be better idea to use map. eg: map $remote_addr $allowed { default 0; 1.1.1.1 1; 2.2.2.2 1; } and then in in the download location block if ($allowed = 1) { autoindex on; } Thanks, Prajith On 18 May 2018 at 05:35, Sathish Kumarwrote: > Hi Team, > > We have a requirement to allow directory listing from few servers and > disallow from other ip addresses and all IP addresses should be able to > download all files inside the directory. > > Can somebody provide the correct nginx config for the same. > > location / { > root /downloads; > autoindex on; > allow 1.1.1.1; > deny all; > } > > If I use the above config, only on 1.1.1.1 IP address can directory list > from this server and can file download but from other IP addresses download > shows forbidden, due to IP address restriction > > Is there a way to overcome this issue, thanks. > > Thanks & Regards > Sathish.V > > ___ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx