Welcome! Log In Create A New Profile

Advanced

Restricting access by public IP blocking remote content

Posted by pkris 
As the subject states when I restrict access to a subdirectory via IP,
remote content like Google fonts, and Favicons are blocked.

This of course makes sense, but without adding those hostnames to my
admin-ip's file I use to allow IP's (explained below), can remote content
like this be allowed by the actual web traffic I'm attempting to restrict to
my VPN IP be filtered?

/etc/nginx/sites-enabled/default:

location /billingadmin {
include includes/admin-ips;
deny all;
}

/etc/nginx/includes/admin-ips:

#LAN
allow XXX.XXX.XXX.XXX;

#VPN
allow XXX.XXX.XXX.XXX;
allow XXX.XXX.XXX.XXX;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279725,279725#msg-279725

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Tue, May 08, 2018 at 04:28:54PM -0400, pkris wrote:

Hi there,

> As the subject states when I restrict access to a subdirectory via IP,
> remote content like Google fonts, and Favicons are blocked.

I don't understand what you are reporting there. Can you give one
specific example?

It looks like you are saying that when you intentionally block access to
/billingadmin, you also accidentally block access to /favicon.ico and
to totally unrelated urls like https://fonts.google.com/. That seems
very strange to me, so I suspect that I am missing something.

> This of course makes sense, but without adding those hostnames to my
> admin-ip's file I use to allow IP's (explained below), can remote content
> like this be allowed by the actual web traffic I'm attempting to restrict to
> my VPN IP be filtered?

Maybe it is clear to someone else, what you mean by this. If so, perhaps
they will respond.

But it might be helpful if you can rephrase your question, perhaps
including an example request that does not get the response that you
expect (and including the relevant nginx config).

Good luck,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login