Deny access

gilvancn · July 4, 2016, 1:13am

I am new to nginx and easyengine and I’m picking up a lot.

I used to use before apache.

My question is as follows:

I have example.com and sub.example.com

How can I deny access to any IP (except my IP) to sub.example.com without interfering with example.com

It is how to do this?

TRADUZIDO DE:

Sou novo em nginx e easyengine e estou apanhando muito.

Costumava usar antes o apache.

Minha questão é a seguinte:

Tenho example.com e sub.example.com

Como posso negar acesso a qualquer IP (exceto o meu IP) a sub.example.com sem interferir em example.com

Tem como fazer isso?

gilvancn · July 4, 2016, 1:24am

I found this code:

location / {
    allow 111.111.111.111/24;
    deny all;
}

Add this “location” in: /etc/nginx/sites-available/sub.example.com

But give conflicts with the “location” in existing: /etc/nginx/common/wpfc.conf

gilvancn · July 4, 2016, 10:23am

Any tips guys.

gilvancn · July 4, 2016, 3:02pm

After much testing found a solution to this case.

Note .: I do not know if it’s the best practice but it worked for me. If anyone knows a better practice is to only comment with us.

Following the same idea as I said above, I added the code without the “location” in: /etc/nginx/sites-available/sub.example.com and it worked fine without interfering with the traffic of example.com

allow 111.111.111.111/24;
deny all;

TRADUZIDO DE:

Depois de muito testar encontrei uma solução para esse caso.

Observação.: Não sei se é a melhor prática mas funcionou pra mim. Se alguém souber uma melhor prática é só comentar conosco.

Seguindo a mesma ideia que comentei acima, adicionei o código sem o “location” em: /etc/nginx/sites-available/sub.example.com e funcionou muito bem sem interferir nos trafego de example.com

CODIGO

ssalil · July 5, 2016, 6:48am

@gilvancn That is not a very bad practice. But in case you have multiple I.Ps to allow or block a better approach will be to create an acl file e.g: /etc/nginx/common/acl.conf and include that file in your server’s configuration. E.g:

  include common/acl.conf;

We use the same configuration in our 22222 configuration file. You use that as a reference.

gilvancn · July 5, 2016, 2:06pm

Thanks @ssalil for your response. I will adopt your practice.

gilvancn · July 8, 2016, 12:35am

@ssalil Do you have to adjust this code to redirect the visitor denied to a specific page or back page?

gilvancn · July 21, 2016, 3:16pm

Any thoughts about, guys?

system · November 9, 2018, 1:50pm