Discussion:
Nginx Directory Listing - Restrict by IP Address
Friscia, Michael
2018-05-18 11:17:52 UTC
Permalink
I think you need to change this a little

map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block

autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs.

___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu<http://web.yale.edu/>

From: nginx <nginx-***@nginx.org> on behalf of PRAJITH <***@gmail.com>
Reply-To: "***@nginx.org" <***@nginx.org>
Date: Friday, May 18, 2018 at 2:16 AM
To: "***@nginx.org" <***@nginx.org>
Subject: Re: Nginx Directory Listing - Restrict by IP Address

Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>. if you want to allow multiple IP addresses, it might be better idea to use map. eg:

map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block

if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith

On 18 May 2018 at 05:35, Sathish Kumar <***@gmail.com<mailto:***@gmail.com>> wrote:

Hi Team,

We have a requirement to allow directory listing from few servers and disallow from other ip addresses and all IP addresses should be able to download all files inside the directory.

Can somebody provide the correct nginx config for the same.

location / {

root /downloads;

autoindex on;

allow 1.1.1.1;

deny all;

}

If I use the above config, only on 1.1.1.1 IP address can directory list from this server and can file download but from other IP addresses download shows forbidden, due to IP address restriction

Is there a way to overcome this issue, thanks.

Thanks & Regards
Sathish.V

_______________________________________________
nginx mailing list
***@nginx.org<mailto:***@nginx.org>
http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
Sathish Kumar
2018-05-18 13:01:27 UTC
Permalink
Hi,

Tried this option it throws rewrite error and am not able to download file
from non whitelisted ip addresses.


ERROR:
rewrite or internal redirection cycle while processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip
Hello, guys.
location = /downloads/ {
root /downloads/;
allow 1.1.1.1;
autoindex on;
}
location /downloads/ {
root /downloads/;
}
This will work nicely if you don't need subdirectories.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads/ {
root /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads$1 last;
}
}
location /noindex_downloads/ {
internal;
root /downloads/;
}
I think you need to change this a little
map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block
autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid
IF statements anywhere in the configs.
___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu
*Date: *Friday, May 18, 2018 at 2:16 AM
*Subject: *Re: Nginx Directory Listing - Restrict by IP Address
Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if
<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
if you want to allow multiple IP addresses, it might be better idea to use
map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block
if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith
Hi Team,
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same.
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
If I use the above config, only on 1.1.1.1 IP address can directory list
from this server and can file download but from other IP addresses download
shows forbidden, due to IP address restriction
Is there a way to overcome this issue, thanks.
Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
2018-05-18 16:32:16 UTC
Permalink
Hi,

I am doing for location /, in that case how will have to change the below
portion.

location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}
Sathish,
I made a couple of minor mistakes.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}
I tried it and it works for me.
Hi,
Tried this option it throws rewrite error and am not able to download file
from non whitelisted ip addresses.
rewrite or internal redirection cycle while processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip
Hello, guys.
location = /downloads/ {
root /downloads/;
allow 1.1.1.1;
autoindex on;
}
location /downloads/ {
root /downloads/;
}
This will work nicely if you don't need subdirectories.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads/ {
root /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads$1 last;
}
}
location /noindex_downloads/ {
internal;
root /downloads/;
}
I think you need to change this a little
map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block
autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid
IF statements anywhere in the configs.
___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu
*Date: *Friday, May 18, 2018 at 2:16 AM
*Subject: *Re: Nginx Directory Listing - Restrict by IP Address
Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if
<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
if you want to allow multiple IP addresses, it might be better idea to use
map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block
if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith
Hi Team,
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same.
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
If I use the above config, only on 1.1.1.1 IP address can directory list
from this server and can file download but from other IP addresses download
shows forbidden, due to IP address restriction
Is there a way to overcome this issue, thanks.
Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
2018-05-19 01:39:03 UTC
Permalink
Hi Igor,

I tried your config and getting error, can you help me.

location / {

alias /downloads/;
root /data/files;
autoindex on;

if ($forbidlisting) {
rewrite ^/(.*) /noindex_root/$1 last;

}
}
location /noindex_root/ {
internal;
alias /downloads/;
}


nginx: [emerg] "root" directive is duplicate, "alias" directive was
specified earlier in domain.conf



Thanks & Regards
Sathish.V
Post by Friscia, Michael
location / {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite ^/(.*) /noindex_root/$1 last;
}
}
location /noindex_root/ {
internal;
alias /downloads/;
}
Hi,
I am doing for location /, in that case how will have to change the below
portion.
location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}
Sathish,
I made a couple of minor mistakes.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}
I tried it and it works for me.
Hi,
Tried this option it throws rewrite error and am not able to download
file from non whitelisted ip addresses.
rewrite or internal redirection cycle while processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip
Hello, guys.
location = /downloads/ {
root /downloads/;
allow 1.1.1.1;
autoindex on;
}
location /downloads/ {
root /downloads/;
}
This will work nicely if you don't need subdirectories.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads/ {
root /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads$1 last;
}
}
location /noindex_downloads/ {
internal;
root /downloads/;
}
I think you need to change this a little
map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block
autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid
IF statements anywhere in the configs.
___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu
*Date: *Friday, May 18, 2018 at 2:16 AM
*Subject: *Re: Nginx Directory Listing - Restrict by IP Address
Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if
<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
if you want to allow multiple IP addresses, it might be better idea to use
map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block
if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith
Hi Team,
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same.
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
If I use the above config, only on 1.1.1.1 IP address can directory list
from this server and can file download but from other IP addresses download
shows forbidden, due to IP address restriction
Is there a way to overcome this issue, thanks.
Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
2018-05-19 03:59:19 UTC
Permalink
Hi All,

I got it working now by adding the below code. Hope it will be useful for
who ever may need or looking for a solution. Only whitelisted IP addresses
can do directory listing, other IP addresses can only download the files.

nginx.conf

http{
....
geo $geoAutoIndexWhitelist {
default 0;
1.1.1.1 1;
}
}

site domain config domain.conf

server {
....
root /data/downloads;
autoindex off;

location / {
if ($geoAutoIndexWhitelist) {
rewrite ^/(.*)$ /allowed_downloads/$1/ last;
}
try_files $uri $uri.html $uri/ =404;
}

location /allowed_downloads/ {
internal;
alias /data/downloads/;
autoindex on;
}
}

Later reload nginx service.


credits: shawn-c (stackoverflow)

Thanks & Regards
Sathish.V
Post by Sathish Kumar
Hi Igor,
I tried your config and getting error, can you help me.
location / {
alias /downloads/;
root /data/files;
autoindex on;
if ($forbidlisting) {
rewrite ^/(.*) /noindex_root/$1 last;
}
}
location /noindex_root/ {
internal;
alias /downloads/;
}
nginx: [emerg] "root" directive is duplicate, "alias" directive was
specified earlier in domain.conf
Thanks & Regards
Sathish.V
Post by Friscia, Michael
location / {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite ^/(.*) /noindex_root/$1 last;
}
}
location /noindex_root/ {
internal;
alias /downloads/;
}
Hi,
I am doing for location /, in that case how will have to change the below
portion.
location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}
Sathish,
I made a couple of minor mistakes.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}
I tried it and it works for me.
Hi,
Tried this option it throws rewrite error and am not able to download
file from non whitelisted ip addresses.
rewrite or internal redirection cycle while processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: abc.com, request: "GET
/Downloads/abcd/file.zip
Hello, guys.
location = /downloads/ {
root /downloads/;
allow 1.1.1.1;
autoindex on;
}
location /downloads/ {
root /downloads/;
}
This will work nicely if you don't need subdirectories.
map $remote_addr $forbidlisting {
default 1;
1.1.1.1 0;
}
location /downloads/ {
root /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads$1 last;
}
}
location /noindex_downloads/ {
internal;
root /downloads/;
}
I think you need to change this a little
map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block
autoindex $allowed;
I use similar logic on different variables and try at all costs to
avoid IF statements anywhere in the configs.
___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu
*Date: *Friday, May 18, 2018 at 2:16 AM
*Subject: *Re: Nginx Directory Listing - Restrict by IP Address
Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if
<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
if you want to allow multiple IP addresses, it might be better idea to use
map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block
if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith
Hi Team,
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same.
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
If I use the above config, only on 1.1.1.1 IP address can directory
list from this server and can file download but from other IP addresses
download shows forbidden, due to IP address restriction
Is there a way to overcome this issue, thanks.
Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
Anoop Alias
2018-05-18 13:02:21 UTC
Permalink
Since this requires more logic, I think you can implement this in an
application server / server-side scripting like php/python etc

your application must verify the IP address and list files rather than web
server
Hi,
I tried this option but it says autoindex need to be on or off and it's
not accepting a variable.
[emerg] invalid value "$allowed" in "autoindex" directive, it must be "on"
or "off" in domain.conf
Post by Friscia, Michael
I think you need to change this a little
map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block
autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid
IF statements anywhere in the configs.
___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.edu
*Date: *Friday, May 18, 2018 at 2:16 AM
*Subject: *Re: Nginx Directory Listing - Restrict by IP Address
Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if
<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
if you want to allow multiple IP addresses, it might be better idea to use
map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block
if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith
Hi Team,
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same.
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
If I use the above config, only on 1.1.1.1 IP address can directory list
from this server and can file download but from other IP addresses download
shows forbidden, due to IP address restriction
Is there a way to overcome this issue, thanks.
Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
--
*Anoop P Alias*
Sathish Kumar
2018-05-18 06:36:08 UTC
Permalink
Hi Prajith,

I had tried this option but autoindex is not allowed under if statement.

location / {
root /downloads;
if ($allowed = 1)
{
autoindex on;
}

}

Error:
"autoindex" directive is not allowed here in domain.conf



Thanks & Regards
Sathish.V
Post by Friscia, Michael
Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/if.
if you want to allow multiple IP addresses, it might be better idea to use
map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block
if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith
Post by Friscia, Michael
Hi Team,
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
Can somebody provide the correct nginx config for the same.
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
If I use the above config, only on 1.1.1.1 IP address can directory list
from this server and can file download but from other IP addresses download
shows forbidden, due to IP address restriction
Is there a way to overcome this issue, thanks.
Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
2018-05-18 16:35:51 UTC
Permalink
On Fri, May 18, 2018 at 08:05:34AM +0800, Sathish Kumar wrote:

Hi there,
Post by Friscia, Michael
We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.
"Directory listings" is presumably only relevant when the request url
ends in /.

So if you have "autoindex on", then all you need to do is disallow some
IP addresses from accessing those urls.
Post by Friscia, Michael
location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}
Replace the allow/deny part with

location ~ /$ {
allow 1.1.1.1;
deny all;
}

and it should do what you want.

The end result is: request ends in / --> check the allow list; otherwise,
allow as normal.

f
--
Francis Daly ***@daoine.org
Loading...