Deny access


#1

I am new to nginx and easyengine and I’m picking up a lot. :smile:

I used to use before apache.

My question is as follows:

I have example.com and sub.example.com

How can I deny access to any IP (except my IP) to sub.example.com without interfering with example.com

It is how to do this?

TRADUZIDO DE:

Sou novo em nginx e easyengine e estou apanhando muito. :smile:

Costumava usar antes o apache.

Minha questão é a seguinte:

Tenho example.com e sub.example.com

Como posso negar acesso a qualquer IP (exceto o meu IP) a sub.example.com sem interferir em example.com

Tem como fazer isso?


#2

I found this code:

location / {
    allow 111.111.111.111/24;
    deny all;
}

Add this “location” in: /etc/nginx/sites-available/sub.example.com

But give conflicts with the “location” in existing: /etc/nginx/common/wpfc.conf


#3

Any tips guys. :slight_smile:


#4

After much testing found a solution to this case.

Note .: I do not know if it’s the best practice but it worked for me. If anyone knows a better practice is to only comment with us. :slight_smile:

Following the same idea as I said above, I added the code without the “location” in: /etc/nginx/sites-available/sub.example.com and it worked fine without interfering with the traffic of example.com

allow 111.111.111.111/24;
deny all;

TRADUZIDO DE:

Depois de muito testar encontrei uma solução para esse caso.

Observação.: Não sei se é a melhor prática mas funcionou pra mim. Se alguém souber uma melhor prática é só comentar conosco. :slight_smile:

Seguindo a mesma ideia que comentei acima, adicionei o código sem o “location” em: /etc/nginx/sites-available/sub.example.com e funcionou muito bem sem interferir nos trafego de example.com

CODIGO


#5

@gilvancn That is not a very bad practice. But in case you have multiple I.Ps to allow or block a better approach will be to create an acl file e.g: /etc/nginx/common/acl.conf and include that file in your server’s configuration. E.g:

  include common/acl.conf;

We use the same configuration in our 22222 configuration file. You use that as a reference.


#6

Thanks @ssalil for your response. I will adopt your practice. :slight_smile:


#7

@ssalil Do you have to adjust this code to redirect the visitor denied to a specific page or back page?


#8

Any thoughts about, guys? :wink:


#9