Welcome! Log In Create A New Profile

Advanced

Nginx Directory Listing - Restrict by IP Address

Posted by Sathish Kumar 
Sathish Kumar
Nginx Directory Listing - Restrict by IP Address
May 18, 2018 02:10AM
Hi Team,

We have a requirement to allow directory listing from few servers and
disallow from other ip addresses and all IP addresses should be able to
download all files inside the directory.

Can somebody provide the correct nginx config for the same.

location / {
root /downloads;
autoindex on;
allow 1.1.1.1;
deny all;
}

If I use the above config, only on 1.1.1.1 IP address can directory list
from this server and can file download but from other IP addresses download
shows forbidden, due to IP address restriction

Is there a way to overcome this issue, thanks.

Thanks & Regards
Sathish.V
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hi Satish,

There are "if" constructs in nginx, please check http://nginx.org/r/if. if
you want to allow multiple IP addresses, it might be better idea to use
map. eg:

map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}

and then in in the download location block

if ($allowed = 1) {
autoindex on;
}

Thanks,
Prajith

On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:

> Hi Team,
>
> We have a requirement to allow directory listing from few servers and
> disallow from other ip addresses and all IP addresses should be able to
> download all files inside the directory.
>
> Can somebody provide the correct nginx config for the same.
>
> location / {
> root /downloads;
> autoindex on;
> allow 1.1.1.1;
> deny all;
> }
>
> If I use the above config, only on 1.1.1.1 IP address can directory list
> from this server and can file download but from other IP addresses download
> shows forbidden, due to IP address restriction
>
> Is there a way to overcome this issue, thanks.
>
> Thanks & Regards
> Sathish.V
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 08:40AM
Hi Prajith,

I had tried this option but autoindex is not allowed under if statement.

location / {
root /downloads;
if ($allowed = 1)
{
autoindex on;
}

}

Error:
"autoindex" directive is not allowed here in domain.conf



Thanks & Regards
Sathish.V


On Fri, May 18, 2018 at 2:16 PM PRAJITH <[email protected]> wrote:

> Hi Satish,
>
> There are "if" constructs in nginx, please check http://nginx.org/r/if.
> if you want to allow multiple IP addresses, it might be better idea to use
> map. eg:
>
> map $remote_addr $allowed {
> default 0;
> 1.1.1.1 1;
> 2.2.2.2 1;
> }
>
> and then in in the download location block
>
> if ($allowed = 1) {
> autoindex on;
> }
>
> Thanks,
> Prajith
>
> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>
>> Hi Team,
>>
>> We have a requirement to allow directory listing from few servers and
>> disallow from other ip addresses and all IP addresses should be able to
>> download all files inside the directory.
>>
>> Can somebody provide the correct nginx config for the same.
>>
>> location / {
>> root /downloads;
>> autoindex on;
>> allow 1.1.1.1;
>> deny all;
>> }
>>
>> If I use the above config, only on 1.1.1.1 IP address can directory list
>> from this server and can file download but from other IP addresses download
>> shows forbidden, due to IP address restriction
>>
>> Is there a way to overcome this issue, thanks.
>>
>> Thanks & Regards
>> Sathish.V
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Friscia, Michael
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 01:20PM
I think you need to change this a little

map $remote_addr $allowed {
default “off”;
1.1.1.1 “on”;
2.2.2.2 “on:;
}
and then in in the download location block

autoindex $allowed;
I use similar logic on different variables and try at all costs to avoid IF statements anywhere in the configs.

___________________________________________
Michael Friscia
Office of Communications
Yale School of Medicine
(203) 737-7932 - office
(203) 931-5381 - mobile
http://web.yale.eduhttp://web.yale.edu/

From: nginx <[email protected]> on behalf of PRAJITH <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Friday, May 18, 2018 at 2:16 AM
To: "[email protected]" <[email protected]>
Subject: Re: Nginx Directory Listing - Restrict by IP Address

Hi Satish,
There are "if" constructs in nginx, please check http://nginx.org/r/ifhttps://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=. if you want to allow multiple IP addresses, it might be better idea to use map. eg:

map $remote_addr $allowed {
default 0;
1.1.1.1 1;
2.2.2.2 1;
}
and then in in the download location block

if ($allowed = 1) {
autoindex on;
}
Thanks,
Prajith

On 18 May 2018 at 05:35, Sathish Kumar <[email protected]<mailto:[email protected]>> wrote:

Hi Team,

We have a requirement to allow directory listing from few servers and disallow from other ip addresses and all IP addresses should be able to download all files inside the directory.

Can somebody provide the correct nginx config for the same.

location / {

root /downloads;

autoindex on;

allow 1.1.1.1;

deny all;

}

If I use the above config, only on 1.1.1.1 IP address can directory list from this server and can file download but from other IP addresses download shows forbidden, due to IP address restriction

Is there a way to overcome this issue, thanks.

Thanks & Regards
Sathish.V

_______________________________________________
nginx mailing list
[email protected]<mailto:[email protected]>
http://mailman.nginx.org/mailman/listinfo/nginxhttps://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Igor A. Ippolitov
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 02:20PM
Hello, guys.

I think, you can try something like this:

location = /downloads/ {
    root /downloads/;
    allow 1.1.1.1;
    autoindex on;
}
location /downloads/ {
    root /downloads/;
}

This will work nicely if you don't need subdirectories.
If you need those, you can use a rewrite like:

map $remote_addr $forbidlisting {
    default 1;
    1.1.1.1 0;
}
location /downloads/ {
    root /downloads/;
    autoindex on;
    if ($forbidlisting) {
        rewrite /downloads(.*) /noindex_downloads$1 last;
    }
}
location /noindex_downloads/ {
    internal;
    root /downloads/;
}


On 18.05.2018 14:17, Friscia, Michael wrote:
>
> I think you need to change this a little
>
> map $remote_addr $allowed {
>     default         “off”;
>     1.1.1.1         “on”;
>     2.2.2.2         “on:;
> }
>
> and then in in the download location block
>
>  autoindex $allowed;
>
> I use similar logic on different variables and try at all costs to
> avoid IF statements anywhere in the configs.
>
> ___________________________________________
>
> Michael Friscia
>
> Office of Communications
>
> Yale School of Medicine
>
> (203) 737-7932 - office
>
> (203) 931-5381 - mobile
>
> http://web.yale.edu http://web.yale.edu/
>
> *From: *nginx <[email protected]> on behalf of PRAJITH
> <[email protected]>
> *Reply-To: *"[email protected]" <[email protected]>
> *Date: *Friday, May 18, 2018 at 2:16 AM
> *To: *"[email protected]" <[email protected]>
> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>
> Hi Satish,
>
> There are "if" constructs in nginx, please check
> http://nginx.org/r/ifhttps://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
> if you want to allow multiple IP addresses, it might be better idea to
> use map. eg:
>
> map $remote_addr $allowed {
>     default         0;
>     1.1.1.1         1;
>     2.2.2.2         1;
> }
>
> and then in in the download location block
>
>  if ($allowed = 1) {
>         autoindex on;
> }
>
> Thanks,
>
> Prajith
>
> On 18 May 2018 at 05:35, Sathish Kumar
> <[email protected]<mailto:[email protected]>> wrote:
>
> Hi Team,
>
> We have a requirement to allow directory listing from few servers
> and disallow from other ip addresses and all IP addresses should
> be able to download all files inside the directory.
>
> Can somebody provide the correct nginx config for the same.
>
> |location / {|
>
> |root /downloads;|
>
> |autoindex on;|
>
> |allow 1.1.1.1;|
>
> |deny all;|
>
> |}|
>
> If I use the above config, only on 1.1.1.1 IP address can
> directory list from this server and can file download but from
> other IP addresses download shows forbidden, due to IP address
> restriction
>
> Is there a way to overcome this issue, thanks.
>
>
> Thanks & Regards
> Sathish.V
>
>
> _______________________________________________
> nginx mailing list
> [email protected]<mailto:[email protected]>
> http://mailman.nginx.org/mailman/listinfo/nginxhttps://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 03:00PM
Hi,

I tried this option but it says autoindex need to be on or off and it's not
accepting a variable.


[emerg] invalid value "$allowed" in "autoindex" directive, it must be "on"
or "off" in domain.conf

On Fri, May 18, 2018, 7:18 PM Friscia, Michael <[email protected]>
wrote:

> I think you need to change this a little
>
>
>
> map $remote_addr $allowed {
> default “off”;
> 1.1.1.1 “on”;
> 2.2.2.2 “on:;
> }
>
> and then in in the download location block
>
> autoindex $allowed;
>
> I use similar logic on different variables and try at all costs to avoid
> IF statements anywhere in the configs.
>
>
>
> ___________________________________________
>
> Michael Friscia
>
> Office of Communications
>
> Yale School of Medicine
>
> (203) 737-7932 - office
>
> (203) 931-5381 - mobile
>
> http://web.yale.edu
>
>
>
> *From: *nginx <[email protected]> on behalf of PRAJITH <
> [email protected]>
> *Reply-To: *"[email protected]" <[email protected]>
> *Date: *Friday, May 18, 2018 at 2:16 AM
> *To: *"[email protected]" <[email protected]>
> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>
>
>
> Hi Satish,
>
> There are "if" constructs in nginx, please check http://nginx.org/r/if
> https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
> if you want to allow multiple IP addresses, it might be better idea to use
> map. eg:
>
> map $remote_addr $allowed {
> default 0;
> 1.1.1.1 1;
> 2.2.2.2 1;
> }
>
> and then in in the download location block
>
> if ($allowed = 1) {
> autoindex on;
> }
>
> Thanks,
>
> Prajith
>
>
>
> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>
> Hi Team,
>
> We have a requirement to allow directory listing from few servers and
> disallow from other ip addresses and all IP addresses should be able to
> download all files inside the directory.
>
> Can somebody provide the correct nginx config for the same.
>
> location / {
>
> root /downloads;
>
> autoindex on;
>
> allow 1.1.1.1;
>
> deny all;
>
> }
>
> If I use the above config, only on 1.1.1.1 IP address can directory list
> from this server and can file download but from other IP addresses download
> shows forbidden, due to IP address restriction
>
> Is there a way to overcome this issue, thanks.
>
>
> Thanks & Regards
> Sathish.V
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 03:10PM
Hi,

Tried this option it throws rewrite error and am not able to download file
from non whitelisted ip addresses.


ERROR:
rewrite or internal redirection cycle while processing
"/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip


On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <[email protected]>
wrote:

> Hello, guys.
>
> I think, you can try something like this:
>
> location = /downloads/ {
> root /downloads/;
> allow 1.1.1.1;
> autoindex on;
> }
> location /downloads/ {
> root /downloads/;
> }
>
> This will work nicely if you don't need subdirectories.
> If you need those, you can use a rewrite like:
>
> map $remote_addr $forbidlisting {
> default 1;
> 1.1.1.1 0;
> }
> location /downloads/ {
> root /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite /downloads(.*) /noindex_downloads$1 last;
> }
> }
> location /noindex_downloads/ {
> internal;
> root /downloads/;
> }
>
>
> On 18.05.2018 14:17, Friscia, Michael wrote:
>
> I think you need to change this a little
>
>
>
> map $remote_addr $allowed {
> default “off”;
> 1.1.1.1 “on”;
> 2.2.2.2 “on:;
> }
>
> and then in in the download location block
>
> autoindex $allowed;
>
> I use similar logic on different variables and try at all costs to avoid
> IF statements anywhere in the configs.
>
>
>
> ___________________________________________
>
> Michael Friscia
>
> Office of Communications
>
> Yale School of Medicine
>
> (203) 737-7932 - office
>
> (203) 931-5381 - mobile
>
> http://web.yale.edu
>
>
>
> *From: *nginx <[email protected]> <[email protected]> on
> behalf of PRAJITH <[email protected]>
> <[email protected]>
> *Reply-To: *"[email protected]" <[email protected]> <[email protected]>
> <[email protected]>
> *Date: *Friday, May 18, 2018 at 2:16 AM
> *To: *"[email protected]" <[email protected]> <[email protected]>
> <[email protected]>
> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>
>
>
> Hi Satish,
>
> There are "if" constructs in nginx, please check http://nginx.org/r/if
> https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
> if you want to allow multiple IP addresses, it might be better idea to use
> map. eg:
>
> map $remote_addr $allowed {
> default 0;
> 1.1.1.1 1;
> 2.2.2.2 1;
> }
>
> and then in in the download location block
>
> if ($allowed = 1) {
> autoindex on;
> }
>
> Thanks,
>
> Prajith
>
>
>
> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>
> Hi Team,
>
> We have a requirement to allow directory listing from few servers and
> disallow from other ip addresses and all IP addresses should be able to
> download all files inside the directory.
>
> Can somebody provide the correct nginx config for the same.
>
> location / {
>
> root /downloads;
>
> autoindex on;
>
> allow 1.1.1.1;
>
> deny all;
>
> }
>
> If I use the above config, only on 1.1.1.1 IP address can directory list
> from this server and can file download but from other IP addresses download
> shows forbidden, due to IP address restriction
>
> Is there a way to overcome this issue, thanks.
>
>
> Thanks & Regards
> Sathish.V
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>
>
>
>
> _______________________________________________
> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Anoop Alias
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 03:10PM
Since this requires more logic, I think you can implement this in an
application server / server-side scripting like php/python etc

your application must verify the IP address and list files rather than web
server

On Fri, May 18, 2018 at 6:25 PM, Sathish Kumar <[email protected]> wrote:

> Hi,
>
> I tried this option but it says autoindex need to be on or off and it's
> not accepting a variable.
>
>
> [emerg] invalid value "$allowed" in "autoindex" directive, it must be "on"
> or "off" in domain.conf
>
>
> On Fri, May 18, 2018, 7:18 PM Friscia, Michael <[email protected]>
> wrote:
>
>> I think you need to change this a little
>>
>>
>>
>> map $remote_addr $allowed {
>> default “off”;
>> 1.1.1.1 “on”;
>> 2.2.2.2 “on:;
>> }
>>
>> and then in in the download location block
>>
>> autoindex $allowed;
>>
>> I use similar logic on different variables and try at all costs to avoid
>> IF statements anywhere in the configs.
>>
>>
>>
>> ___________________________________________
>>
>> Michael Friscia
>>
>> Office of Communications
>>
>> Yale School of Medicine
>>
>> (203) 737-7932 - office
>>
>> (203) 931-5381 - mobile
>>
>> http://web.yale.edu
>>
>>
>>
>> *From: *nginx <[email protected]> on behalf of PRAJITH <
>> [email protected]>
>> *Reply-To: *"[email protected]" <[email protected]>
>> *Date: *Friday, May 18, 2018 at 2:16 AM
>> *To: *"[email protected]" <[email protected]>
>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>
>>
>>
>> Hi Satish,
>>
>> There are "if" constructs in nginx, please check http://nginx.org/r/if
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>> if you want to allow multiple IP addresses, it might be better idea to use
>> map. eg:
>>
>> map $remote_addr $allowed {
>> default 0;
>> 1.1.1.1 1;
>> 2.2.2.2 1;
>> }
>>
>> and then in in the download location block
>>
>> if ($allowed = 1) {
>> autoindex on;
>> }
>>
>> Thanks,
>>
>> Prajith
>>
>>
>>
>> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>>
>> Hi Team,
>>
>> We have a requirement to allow directory listing from few servers and
>> disallow from other ip addresses and all IP addresses should be able to
>> download all files inside the directory.
>>
>> Can somebody provide the correct nginx config for the same.
>>
>> location / {
>>
>> root /downloads;
>>
>> autoindex on;
>>
>> allow 1.1.1.1;
>>
>> deny all;
>>
>> }
>>
>> If I use the above config, only on 1.1.1.1 IP address can directory list
>> from this server and can file download but from other IP addresses download
>> shows forbidden, due to IP address restriction
>>
>> Is there a way to overcome this issue, thanks.
>>
>>
>> Thanks & Regards
>> Sathish.V
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



--
*Anoop P Alias*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Igor A. Ippolitov
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 05:20PM
Sathish,

I made a couple of minor mistakes.

Please, try following configuration:

>
> map $remote_addr $forbidlisting {
>     default 1;
>     1.1.1.1 0;
> }
> location /downloads {
>     alias /downloads/;
>     autoindex on;
>     if ($forbidlisting) {
>         rewrite /downloads(.*) /noindex_downloads/$1 last;
>     }
> }
> location /noindex_downloads/ {
>     internal;
>     alias /downloads/;
> }

I tried it and it works for me.


On 18.05.2018 16:01, Sathish Kumar wrote:
> Hi,
>
> Tried this option it throws rewrite error and am not able to download
> file from non whitelisted ip addresses.
>
>
> ERROR:
> rewrite or internal redirection cycle while processing
> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
> client: 3.3.3.3, server: abc.com http://abc.com, request: "GET
> /Downloads/abcd/file.zip
>
>
> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hello, guys.
>
> I think, you can try something like this:
>
> location = /downloads/ {
>     root /downloads/;
>     allow 1.1.1.1;
>     autoindex on;
> }
> location /downloads/ {
>     root /downloads/;
> }
>
> This will work nicely if you don't need subdirectories.
> If you need those, you can use a rewrite like:
>
> map $remote_addr $forbidlisting {
>     default 1;
>     1.1.1.1 0;
> }
> location /downloads/ {
>     root /downloads/;
>     autoindex on;
>     if ($forbidlisting) {
>         rewrite /downloads(.*) /noindex_downloads$1 last;
>     }
> }
> location /noindex_downloads/ {
>     internal;
>     root /downloads/;
> }
>
>
> On 18.05.2018 14:17, Friscia, Michael wrote:
>>
>> I think you need to change this a little
>>
>> map $remote_addr $allowed {
>>     default         “off”;
>>     1.1.1.1         “on”;
>>     2.2.2.2         “on:;
>> }
>>
>> and then in in the download location block
>>
>>  autoindex $allowed;
>>
>> I use similar logic on different variables and try at all costs
>> to avoid IF statements anywhere in the configs.
>>
>> ___________________________________________
>>
>> Michael Friscia
>>
>> Office of Communications
>>
>> Yale School of Medicine
>>
>> (203) 737-7932 - office
>>
>> (203) 931-5381 - mobile
>>
>> http://web.yale.edu http://web.yale.edu/
>>
>> *From: *nginx <[email protected]>
>> <mailto:[email protected]> on behalf of PRAJITH
>> <[email protected]> <mailto:[email protected]>
>> *Reply-To: *"[email protected]" <mailto:[email protected]>
>> <[email protected]> <mailto:[email protected]>
>> *Date: *Friday, May 18, 2018 at 2:16 AM
>> *To: *"[email protected]" <mailto:[email protected]>
>> <[email protected]> <mailto:[email protected]>
>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>
>> Hi Satish,
>>
>> There are "if" constructs in nginx, please check
>> http://nginx.org/r/ifhttps://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>> if you want to allow multiple IP addresses, it might be better
>> idea to use map. eg:
>>
>> map $remote_addr $allowed {
>>     default         0;
>>     1.1.1.1         1;
>>     2.2.2.2         1;
>> }
>>
>> and then in in the download location block
>>
>>  if ($allowed = 1) {
>>         autoindex on;
>> }
>>
>> Thanks,
>>
>> Prajith
>>
>> On 18 May 2018 at 05:35, Sathish Kumar
>> <[email protected]<mailto:[email protected]>> wrote:
>>
>> Hi Team,
>>
>> We have a requirement to allow directory listing from few
>> servers and disallow from other ip addresses and all IP
>> addresses should be able to download all files inside the
>> directory.
>>
>> Can somebody provide the correct nginx config for the same.
>>
>> |location / {|
>>
>> |root /downloads;|
>>
>> |autoindex on;|
>>
>> |allow 1.1.1.1;|
>>
>> |deny all;|
>>
>> |}|
>>
>> If I use the above config, only on 1.1.1.1 IP address can
>> directory list from this server and can file download but
>> from other IP addresses download shows forbidden, due to IP
>> address restriction
>>
>> Is there a way to overcome this issue, thanks.
>>
>>
>> Thanks & Regards
>> Sathish.V
>>
>>
>> _______________________________________________
>> nginx mailing list
>> [email protected]<mailto:[email protected]>
>> http://mailman.nginx.org/mailman/listinfo/nginxhttps://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:[email protected]>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org <mailto:[email protected]>
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 06:40PM
Hi,

I am doing for location /, in that case how will have to change the below
portion.

location /downloads {
alias /downloads/;
autoindex on;
if ($forbidlisting) {
rewrite /downloads(.*) /noindex_downloads/$1 last;
}
}
location /noindex_downloads/ {
internal;
alias /downloads/;
}



On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <[email protected]>
wrote:

> Sathish,
>
> I made a couple of minor mistakes.
>
> Please, try following configuration:
>
>
> map $remote_addr $forbidlisting {
> default 1;
> 1.1.1.1 0;
> }
> location /downloads {
> alias /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite /downloads(.*) /noindex_downloads/$1 last;
> }
> }
> location /noindex_downloads/ {
> internal;
> alias /downloads/;
> }
>
>
> I tried it and it works for me.
>
>
> On 18.05.2018 16:01, Sathish Kumar wrote:
>
> Hi,
>
> Tried this option it throws rewrite error and am not able to download file
> from non whitelisted ip addresses.
>
>
> ERROR:
> rewrite or internal redirection cycle while processing
> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
> client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip
>
>
> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <[email protected]>
> wrote:
>
>> Hello, guys.
>>
>> I think, you can try something like this:
>>
>> location = /downloads/ {
>> root /downloads/;
>> allow 1.1.1.1;
>> autoindex on;
>> }
>> location /downloads/ {
>> root /downloads/;
>> }
>>
>> This will work nicely if you don't need subdirectories.
>> If you need those, you can use a rewrite like:
>>
>> map $remote_addr $forbidlisting {
>> default 1;
>> 1.1.1.1 0;
>> }
>> location /downloads/ {
>> root /downloads/;
>> autoindex on;
>> if ($forbidlisting) {
>> rewrite /downloads(.*) /noindex_downloads$1 last;
>> }
>> }
>> location /noindex_downloads/ {
>> internal;
>> root /downloads/;
>> }
>>
>>
>> On 18.05.2018 14:17, Friscia, Michael wrote:
>>
>> I think you need to change this a little
>>
>>
>>
>> map $remote_addr $allowed {
>> default “off”;
>> 1.1.1.1 “on”;
>> 2.2.2.2 “on:;
>> }
>>
>> and then in in the download location block
>>
>> autoindex $allowed;
>>
>> I use similar logic on different variables and try at all costs to avoid
>> IF statements anywhere in the configs.
>>
>>
>>
>> ___________________________________________
>>
>> Michael Friscia
>>
>> Office of Communications
>>
>> Yale School of Medicine
>>
>> (203) 737-7932 - office
>>
>> (203) 931-5381 - mobile
>>
>> http://web.yale.edu
>>
>>
>>
>> *From: *nginx <[email protected]> <[email protected]> on
>> behalf of PRAJITH <[email protected]>
>> <[email protected]>
>> *Reply-To: *"[email protected]" <[email protected]> <[email protected]>
>> <[email protected]>
>> *Date: *Friday, May 18, 2018 at 2:16 AM
>> *To: *"[email protected]" <[email protected]> <[email protected]>
>> <[email protected]>
>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>
>>
>>
>> Hi Satish,
>>
>> There are "if" constructs in nginx, please check http://nginx.org/r/if
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>> if you want to allow multiple IP addresses, it might be better idea to use
>> map. eg:
>>
>> map $remote_addr $allowed {
>> default 0;
>> 1.1.1.1 1;
>> 2.2.2.2 1;
>> }
>>
>> and then in in the download location block
>>
>> if ($allowed = 1) {
>> autoindex on;
>> }
>>
>> Thanks,
>>
>> Prajith
>>
>>
>>
>> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>>
>> Hi Team,
>>
>> We have a requirement to allow directory listing from few servers and
>> disallow from other ip addresses and all IP addresses should be able to
>> download all files inside the directory.
>>
>> Can somebody provide the correct nginx config for the same.
>>
>> location / {
>>
>> root /downloads;
>>
>> autoindex on;
>>
>> allow 1.1.1.1;
>>
>> deny all;
>>
>> }
>>
>> If I use the above config, only on 1.1.1.1 IP address can directory list
>> from this server and can file download but from other IP addresses download
>> shows forbidden, due to IP address restriction
>>
>> Is there a way to overcome this issue, thanks.
>>
>>
>> Thanks & Regards
>> Sathish.V
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>
>>
>>
>>
>> _______________________________________________
>> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 06:40PM
On Fri, May 18, 2018 at 08:05:34AM +0800, Sathish Kumar wrote:

Hi there,

> We have a requirement to allow directory listing from few servers and
> disallow from other ip addresses and all IP addresses should be able to
> download all files inside the directory.

"Directory listings" is presumably only relevant when the request url
ends in /.

So if you have "autoindex on", then all you need to do is disallow some
IP addresses from accessing those urls.

> location / {
> root /downloads;
> autoindex on;
> allow 1.1.1.1;
> deny all;
> }

Replace the allow/deny part with

location ~ /$ {
allow 1.1.1.1;
deny all;
}

and it should do what you want.

The end result is: request ends in / --> check the allow list; otherwise,
allow as normal.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Igor A. Ippolitov
Re: Nginx Directory Listing - Restrict by IP Address
May 18, 2018 07:10PM
This works for me:
>
>     location / {
>         alias /downloads/;
>         autoindex on;
>         if ($forbidlisting) {
>             rewrite ^/(.*) /noindex_root/$1 last;
>         }
>     }
>     location /noindex_root/ {
>         internal;
>         alias /downloads/;
>     }


On 18.05.2018 19:32, Sathish Kumar wrote:
> Hi,
>
> I am doing for location /, in that case how will have to change the
> below portion.
>
> location /downloads {
>     alias /downloads/;
>     autoindex on;
>     if ($forbidlisting) {
>         rewrite /downloads(.*) /noindex_downloads/$1 last;
>     }
> }
> location /noindex_downloads/ {
>     internal;
>     alias /downloads/;
> }
>
>
>
> On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <[email protected]
> <mailto:[email protected]>> wrote:
>
> Sathish,
>
> I made a couple of minor mistakes.
>
> Please, try following configuration:
>
>>
>> map $remote_addr $forbidlisting {
>>     default 1;
>>     1.1.1.1 0;
>> }
>> location /downloads {
>>     alias /downloads/;
>>     autoindex on;
>>     if ($forbidlisting) {
>>         rewrite /downloads(.*) /noindex_downloads/$1 last;
>>     }
>> }
>> location /noindex_downloads/ {
>>     internal;
>>     alias /downloads/;
>> }
>
> I tried it and it works for me.
>
>
> On 18.05.2018 16:01, Sathish Kumar wrote:
>> Hi,
>>
>> Tried this option it throws rewrite error and am not able to
>> download file from non whitelisted ip addresses.
>>
>>
>> ERROR:
>> rewrite or internal redirection cycle while processing
>> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
>> client: 3.3.3.3, server: abc.com http://abc.com, request: "GET
>> /Downloads/abcd/file.zip
>>
>>
>> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov
>> <[email protected] <mailto:[email protected]>> wrote:
>>
>> Hello, guys.
>>
>> I think, you can try something like this:
>>
>> location = /downloads/ {
>>     root /downloads/;
>>     allow 1.1.1.1;
>>     autoindex on;
>> }
>> location /downloads/ {
>>     root /downloads/;
>> }
>>
>> This will work nicely if you don't need subdirectories.
>> If you need those, you can use a rewrite like:
>>
>> map $remote_addr $forbidlisting {
>>     default 1;
>>     1.1.1.1 0;
>> }
>> location /downloads/ {
>>     root /downloads/;
>>     autoindex on;
>>     if ($forbidlisting) {
>>         rewrite /downloads(.*) /noindex_downloads$1 last;
>>     }
>> }
>> location /noindex_downloads/ {
>>     internal;
>>     root /downloads/;
>> }
>>
>>
>> On 18.05.2018 14:17, Friscia, Michael wrote:
>>>
>>> I think you need to change this a little
>>>
>>> map $remote_addr $allowed {
>>>     default         “off”;
>>>     1.1.1.1         “on”;
>>>     2.2.2.2         “on:;
>>> }
>>>
>>> and then in in the download location block
>>>
>>>  autoindex $allowed;
>>>
>>> I use similar logic on different variables and try at all
>>> costs to avoid IF statements anywhere in the configs.
>>>
>>> ___________________________________________
>>>
>>> Michael Friscia
>>>
>>> Office of Communications
>>>
>>> Yale School of Medicine
>>>
>>> (203) 737-7932 - office
>>>
>>> (203) 931-5381 - mobile
>>>
>>> http://web.yale.edu http://web.yale.edu/
>>>
>>> *From: *nginx <[email protected]>
>>> <mailto:[email protected]> on behalf of PRAJITH
>>> <[email protected]> <mailto:[email protected]>
>>> *Reply-To: *"[email protected]" <mailto:[email protected]>
>>> <ngin[email protected]> <mailto:[email protected]>
>>> *Date: *Friday, May 18, 2018 at 2:16 AM
>>> *To: *"[email protected]" <mailto:[email protected]>
>>> <[email protected]> <mailto:[email protected]>
>>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>>
>>> Hi Satish,
>>>
>>> There are "if" constructs in nginx, please check
>>> http://nginx.org/r/ifhttps://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>>> if you want to allow multiple IP addresses, it might be
>>> better idea to use map. eg:
>>>
>>> map $remote_addr $allowed {
>>>     default         0;
>>>     1.1.1.1         1;
>>>     2.2.2.2         1;
>>> }
>>>
>>> and then in in the download location block
>>>
>>>  if ($allowed = 1) {
>>>         autoindex on;
>>> }
>>>
>>> Thanks,
>>>
>>> Prajith
>>>
>>> On 18 May 2018 at 05:35, Sathish Kumar
>>> <[email protected]<mailto:[email protected]>> wrote:
>>>
>>> Hi Team,
>>>
>>> We have a requirement to allow directory listing from
>>> few servers and disallow from other ip addresses and all
>>> IP addresses should be able to download all files inside
>>> the directory.
>>>
>>> Can somebody provide the correct nginx config for the same.
>>>
>>> |location / {|
>>>
>>> |root /downloads;|
>>>
>>> |autoindex on;|
>>>
>>> |allow 1.1.1.1;|
>>>
>>> |deny all;|
>>>
>>> |}|
>>>
>>> If I use the above config, only on 1.1.1.1 IP address
>>> can directory list from this server and can file
>>> download but from other IP addresses download shows
>>> forbidden, due to IP address restriction
>>>
>>> Is there a way to overcome this issue, thanks.
>>>
>>>
>>> Thanks & Regards
>>> Sathish.V
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> [email protected]<mailto:[email protected]>
>>> http://mailman.nginx.org/mailman/listinfo/nginxhttps://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org <mailto:[email protected]>
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:[email protected]>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org <mailto:[email protected]>
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org <mailto:[email protected]>
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
Re: Nginx Directory Listing - Restrict by IP Address
May 19, 2018 03:50AM
Hi Igor,

I tried your config and getting error, can you help me.

location / {

alias /downloads/;
root /data/files;
autoindex on;

if ($forbidlisting) {
rewrite ^/(.*) /noindex_root/$1 last;

}
}
location /noindex_root/ {
internal;
alias /downloads/;
}


nginx: [emerg] "root" directive is duplicate, "alias" directive was
specified earlier in domain.conf



Thanks & Regards
Sathish.V


On Sat, May 19, 2018 at 1:03 AM Igor A. Ippolitov <[email protected]>
wrote:

> This works for me:
>
>
> location / {
> alias /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite ^/(.*) /noindex_root/$1 last;
> }
> }
> location /noindex_root/ {
> internal;
> alias /downloads/;
> }
>
>
>
> On 18.05.2018 19:32, Sathish Kumar wrote:
>
> Hi,
>
> I am doing for location /, in that case how will have to change the below
> portion.
>
> location /downloads {
> alias /downloads/;
> autoindex on;
> if ($forbidlisting) {
> rewrite /downloads(.*) /noindex_downloads/$1 last;
> }
> }
> location /noindex_downloads/ {
> internal;
> alias /downloads/;
> }
>
>
>
> On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <[email protected]>
> wrote:
>
>> Sathish,
>>
>> I made a couple of minor mistakes.
>>
>> Please, try following configuration:
>>
>>
>> map $remote_addr $forbidlisting {
>> default 1;
>> 1.1.1.1 0;
>> }
>> location /downloads {
>> alias /downloads/;
>> autoindex on;
>> if ($forbidlisting) {
>> rewrite /downloads(.*) /noindex_downloads/$1 last;
>> }
>> }
>> location /noindex_downloads/ {
>> internal;
>> alias /downloads/;
>> }
>>
>>
>> I tried it and it works for me.
>>
>>
>> On 18.05.2018 16:01, Sathish Kumar wrote:
>>
>> Hi,
>>
>> Tried this option it throws rewrite error and am not able to download
>> file from non whitelisted ip addresses.
>>
>>
>> ERROR:
>> rewrite or internal redirection cycle while processing
>> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
>> client: 3.3.3.3, server: abc.com, request: "GET /Downloads/abcd/file.zip
>>
>>
>> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <[email protected]>
>> wrote:
>>
>>> Hello, guys.
>>>
>>> I think, you can try something like this:
>>>
>>> location = /downloads/ {
>>> root /downloads/;
>>> allow 1.1.1.1;
>>> autoindex on;
>>> }
>>> location /downloads/ {
>>> root /downloads/;
>>> }
>>>
>>> This will work nicely if you don't need subdirectories.
>>> If you need those, you can use a rewrite like:
>>>
>>> map $remote_addr $forbidlisting {
>>> default 1;
>>> 1.1.1.1 0;
>>> }
>>> location /downloads/ {
>>> root /downloads/;
>>> autoindex on;
>>> if ($forbidlisting) {
>>> rewrite /downloads(.*) /noindex_downloads$1 last;
>>> }
>>> }
>>> location /noindex_downloads/ {
>>> internal;
>>> root /downloads/;
>>> }
>>>
>>>
>>> On 18.05.2018 14:17, Friscia, Michael wrote:
>>>
>>> I think you need to change this a little
>>>
>>>
>>>
>>> map $remote_addr $allowed {
>>> default “off”;
>>> 1.1.1.1 “on”;
>>> 2.2.2.2 “on:;
>>> }
>>>
>>> and then in in the download location block
>>>
>>> autoindex $allowed;
>>>
>>> I use similar logic on different variables and try at all costs to avoid
>>> IF statements anywhere in the configs.
>>>
>>>
>>>
>>> ___________________________________________
>>>
>>> Michael Friscia
>>>
>>> Office of Communications
>>>
>>> Yale School of Medicine
>>>
>>> (203) 737-7932 - office
>>>
>>> (203) 931-5381 - mobile
>>>
>>> http://web.yale.edu
>>>
>>>
>>>
>>> *From: *nginx <[email protected]> <[email protected]> on
>>> behalf of PRAJITH <[email protected]>
>>> <[email protected]>
>>> *Reply-To: *"[email protected]" <[email protected]> <[email protected]>
>>> <[email protected]>
>>> *Date: *Friday, May 18, 2018 at 2:16 AM
>>> *To: *"[email protected]" <[email protected]> <[email protected]>
>>> <[email protected]>
>>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>>
>>>
>>>
>>> Hi Satish,
>>>
>>> There are "if" constructs in nginx, please check http://nginx.org/r/if
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>>> if you want to allow multiple IP addresses, it might be better idea to use
>>> map. eg:
>>>
>>> map $remote_addr $allowed {
>>> default 0;
>>> 1.1.1.1 1;
>>> 2.2.2.2 1;
>>> }
>>>
>>> and then in in the download location block
>>>
>>> if ($allowed = 1) {
>>> autoindex on;
>>> }
>>>
>>> Thanks,
>>>
>>> Prajith
>>>
>>>
>>>
>>> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>>>
>>> Hi Team,
>>>
>>> We have a requirement to allow directory listing from few servers and
>>> disallow from other ip addresses and all IP addresses should be able to
>>> download all files inside the directory.
>>>
>>> Can somebody provide the correct nginx config for the same.
>>>
>>> location / {
>>>
>>> root /downloads;
>>>
>>> autoindex on;
>>>
>>> allow 1.1.1.1;
>>>
>>> deny all;
>>>
>>> }
>>>
>>> If I use the above config, only on 1.1.1.1 IP address can directory list
>>> from this server and can file download but from other IP addresses download
>>> shows forbidden, due to IP address restriction
>>>
>>> Is there a way to overcome this issue, thanks.
>>>
>>>
>>> Thanks & Regards
>>> Sathish.V
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>> _______________________________________________
>> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> _______________________________________________
> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sathish Kumar
Re: Nginx Directory Listing - Restrict by IP Address
May 19, 2018 06:10AM
Hi All,

I got it working now by adding the below code. Hope it will be useful for
who ever may need or looking for a solution. Only whitelisted IP addresses
can do directory listing, other IP addresses can only download the files.

nginx.conf

http{
.....
geo $geoAutoIndexWhitelist {
default 0;
1.1.1.1 1;
}
}

site domain config domain.conf

server {
.....
root /data/downloads;
autoindex off;

location / {
if ($geoAutoIndexWhitelist) {
rewrite ^/(.*)$ /allowed_downloads/$1/ last;
}
try_files $uri $uri.html $uri/ =404;
}

location /allowed_downloads/ {
internal;
alias /data/downloads/;
autoindex on;
}
}

Later reload nginx service.


credits: shawn-c (stackoverflow)

Thanks & Regards
Sathish.V


On Sat, May 19, 2018 at 9:39 AM Sathish Kumar <[email protected]> wrote:

> Hi Igor,
>
> I tried your config and getting error, can you help me.
>
> location / {
>
> alias /downloads/;
> root /data/files;
> autoindex on;
>
> if ($forbidlisting) {
> rewrite ^/(.*) /noindex_root/$1 last;
>
> }
> }
> location /noindex_root/ {
> internal;
> alias /downloads/;
> }
>
>
> nginx: [emerg] "root" directive is duplicate, "alias" directive was
> specified earlier in domain.conf
>
>
>
> Thanks & Regards
> Sathish.V
>
>
> On Sat, May 19, 2018 at 1:03 AM Igor A. Ippolitov <[email protected]>
> wrote:
>
>> This works for me:
>>
>>
>> location / {
>> alias /downloads/;
>> autoindex on;
>> if ($forbidlisting) {
>> rewrite ^/(.*) /noindex_root/$1 last;
>> }
>> }
>> location /noindex_root/ {
>> internal;
>> alias /downloads/;
>> }
>>
>>
>>
>> On 18.05.2018 19:32, Sathish Kumar wrote:
>>
>> Hi,
>>
>> I am doing for location /, in that case how will have to change the below
>> portion.
>>
>> location /downloads {
>> alias /downloads/;
>> autoindex on;
>> if ($forbidlisting) {
>> rewrite /downloads(.*) /noindex_downloads/$1 last;
>> }
>> }
>> location /noindex_downloads/ {
>> internal;
>> alias /downloads/;
>> }
>>
>>
>>
>> On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <[email protected]>
>> wrote:
>>
>>> Sathish,
>>>
>>> I made a couple of minor mistakes.
>>>
>>> Please, try following configuration:
>>>
>>>
>>> map $remote_addr $forbidlisting {
>>> default 1;
>>> 1.1.1.1 0;
>>> }
>>> location /downloads {
>>> alias /downloads/;
>>> autoindex on;
>>> if ($forbidlisting) {
>>> rewrite /downloads(.*) /noindex_downloads/$1 last;
>>> }
>>> }
>>> location /noindex_downloads/ {
>>> internal;
>>> alias /downloads/;
>>> }
>>>
>>>
>>> I tried it and it works for me.
>>>
>>>
>>> On 18.05.2018 16:01, Sathish Kumar wrote:
>>>
>>> Hi,
>>>
>>> Tried this option it throws rewrite error and am not able to download
>>> file from non whitelisted ip addresses.
>>>
>>>
>>> ERROR:
>>> rewrite or internal redirection cycle while processing
>>> "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip",
>>> client: 3.3.3.3, server: abc.com, request: "GET
>>> /Downloads/abcd/file.zip
>>>
>>>
>>> On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <[email protected]>
>>> wrote:
>>>
>>>> Hello, guys.
>>>>
>>>> I think, you can try something like this:
>>>>
>>>> location = /downloads/ {
>>>> root /downloads/;
>>>> allow 1.1.1.1;
>>>> autoindex on;
>>>> }
>>>> location /downloads/ {
>>>> root /downloads/;
>>>> }
>>>>
>>>> This will work nicely if you don't need subdirectories.
>>>> If you need those, you can use a rewrite like:
>>>>
>>>> map $remote_addr $forbidlisting {
>>>> default 1;
>>>> 1.1.1.1 0;
>>>> }
>>>> location /downloads/ {
>>>> root /downloads/;
>>>> autoindex on;
>>>> if ($forbidlisting) {
>>>> rewrite /downloads(.*) /noindex_downloads$1 last;
>>>> }
>>>> }
>>>> location /noindex_downloads/ {
>>>> internal;
>>>> root /downloads/;
>>>> }
>>>>
>>>>
>>>> On 18.05.2018 14:17, Friscia, Michael wrote:
>>>>
>>>> I think you need to change this a little
>>>>
>>>>
>>>>
>>>> map $remote_addr $allowed {
>>>> default “off”;
>>>> 1.1.1.1 “on”;
>>>> 2.2.2.2 “on:;
>>>> }
>>>>
>>>> and then in in the download location block
>>>>
>>>> autoindex $allowed;
>>>>
>>>> I use similar logic on different variables and try at all costs to
>>>> avoid IF statements anywhere in the configs.
>>>>
>>>>
>>>>
>>>> ___________________________________________
>>>>
>>>> Michael Friscia
>>>>
>>>> Office of Communications
>>>>
>>>> Yale School of Medicine
>>>>
>>>> (203) 737-7932 - office
>>>>
>>>> (203) 931-5381 - mobile
>>>>
>>>> http://web.yale.edu
>>>>
>>>>
>>>>
>>>> *From: *nginx <[email protected]> <[email protected]> on
>>>> behalf of PRAJITH <[email protected]>
>>>> <[email protected]>
>>>> *Reply-To: *"[email protected]" <[email protected]> <[email protected]>
>>>> <[email protected]>
>>>> *Date: *Friday, May 18, 2018 at 2:16 AM
>>>> *To: *"[email protected]" <[email protected]> <[email protected]>
>>>> <[email protected]>
>>>> *Subject: *Re: Nginx Directory Listing - Restrict by IP Address
>>>>
>>>>
>>>>
>>>> Hi Satish,
>>>>
>>>> There are "if" constructs in nginx, please check http://nginx.org/r/if
>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=.
>>>> if you want to allow multiple IP addresses, it might be better idea to use
>>>> map. eg:
>>>>
>>>> map $remote_addr $allowed {
>>>> default 0;
>>>> 1.1.1.1 1;
>>>> 2.2.2.2 1;
>>>> }
>>>>
>>>> and then in in the download location block
>>>>
>>>> if ($allowed = 1) {
>>>> autoindex on;
>>>> }
>>>>
>>>> Thanks,
>>>>
>>>> Prajith
>>>>
>>>>
>>>>
>>>> On 18 May 2018 at 05:35, Sathish Kumar <[email protected]> wrote:
>>>>
>>>> Hi Team,
>>>>
>>>> We have a requirement to allow directory listing from few servers and
>>>> disallow from other ip addresses and all IP addresses should be able to
>>>> download all files inside the directory.
>>>>
>>>> Can somebody provide the correct nginx config for the same.
>>>>
>>>> location / {
>>>>
>>>> root /downloads;
>>>>
>>>> autoindex on;
>>>>
>>>> allow 1.1.1.1;
>>>>
>>>> deny all;
>>>>
>>>> }
>>>>
>>>> If I use the above config, only on 1.1.1.1 IP address can directory
>>>> list from this server and can file download but from other IP addresses
>>>> download shows forbidden, due to IP address restriction
>>>>
>>>> Is there a way to overcome this issue, thanks.
>>>>
>>>>
>>>> Thanks & Regards
>>>> Sathish.V
>>>>
>>>>
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx@nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>>
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx@nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>>
>> _______________________________________________
>> nginx mailing listnginx@nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login