Re: Nginx Directory Listing - Restrict by IP Address

[Igor A. Ippolitov]

Sathish,

I made a couple of minor mistakes.

Please, try following configuration:

map $remote_addr $forbidlisting {
    default 1;
    1.1.1.1 0;
}
location /downloads {
    alias /downloads/;
    autoindex on;
    if ($forbidlisting) {
        rewrite /downloads(.*) /noindex_downloads/$1 last;
    }
}
location /noindex_downloads/ {
    internal;
    alias /downloads/;
}

I tried it and it works for me.


On 18.05.2018 16:01, Sathish Kumar wrote:

Hi,

Tried this option it throws rewrite error and am not able to download file from non whitelisted ip addresses.

ERROR:

rewrite or internal redirection cycle while processing "/noindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsnoindex_downloadsDownloads/abcd/file.zip", client: 3.3.3.3, server: abc.com <http://abc.com>, request: "GET /Downloads/abcd/file.zip

On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <iippoli...@nginx.com <mailto:iippoli...@nginx.com>> wrote:

    Hello, guys.

    I think, you can try something like this:

    location = /downloads/ {
        root /downloads/;
        allow 1.1.1.1;
        autoindex on;
    }
    location /downloads/ {
        root /downloads/;
    }

    This will work nicely if you don't need subdirectories.
    If you need those, you can use a rewrite like:

    map $remote_addr $forbidlisting {
        default 1;
        1.1.1.1 0;
    }
    location /downloads/ {
        root /downloads/;
        autoindex on;
        if ($forbidlisting) {
            rewrite /downloads(.*) /noindex_downloads$1 last;
        }
    }
    location /noindex_downloads/ {
        internal;
        root /downloads/;
    }


    On 18.05.2018 14:17, Friscia, Michael wrote:

    I think you need to change this a little

    map $remote_addr $allowed {
        default         “off”;
        1.1.1.1         “on”;
        2.2.2.2         “on:;
    }

    and then in in the download location block

     autoindex $allowed;

    I use similar logic on different variables and try at all costs
    to avoid IF statements anywhere in the configs.

    ___________________________________________

    Michael Friscia

    Office of Communications

    Yale School of Medicine

    (203) 737-7932 - office

    (203) 931-5381 - mobile

    http://web.yale.edu <http://web.yale.edu/>

    *From: *nginx <nginx-boun...@nginx.org>
    <mailto:nginx-boun...@nginx.org> on behalf of PRAJITH
    <prajithpalakk...@gmail.com> <mailto:prajithpalakk...@gmail.com>
    *Reply-To: *"nginx@nginx.org" <mailto:nginx@nginx.org>
    <nginx@nginx.org> <mailto:nginx@nginx.org>
    *Date: *Friday, May 18, 2018 at 2:16 AM
    *To: *"nginx@nginx.org" <mailto:nginx@nginx.org>
    <nginx@nginx.org> <mailto:nginx@nginx.org>
    *Subject: *Re: Nginx Directory Listing - Restrict by IP Address

    Hi Satish,

    There are "if" constructs in nginx, please check
    
http://nginx.org/r/if<https://urldefense.proofpoint.com/v2/url?u=http-3A__nginx.org_r_if&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=_hMwYrlV1QXfU7fEvfqx9BnEUgUoadjGtTqav5fo_7M&e=>.
    if you want to allow multiple IP addresses, it might be better
    idea to use map. eg:

    map $remote_addr $allowed {
        default         0;
        1.1.1.1         1;
        2.2.2.2         1;
    }

    and then in in the download location block

     if ($allowed = 1) {
            autoindex on;
    }

    Thanks,

    Prajith

    On 18 May 2018 at 05:35, Sathish Kumar
    <satcs...@gmail.com<mailto:satcs...@gmail.com>> wrote:

        Hi Team,

        We have a requirement to allow directory listing from few
        servers and disallow from other ip addresses and all IP
        addresses should be able to download all files inside the
        directory.

        Can somebody provide the correct nginx config for the same.

        |location / {|

        |root /downloads;|

        |autoindex on;|

        |allow 1.1.1.1;|

        |deny all;|

        |}|

        If I use the above config, only on 1.1.1.1 IP address can
        directory list from this server and can file download but
        from other IP addresses download shows forbidden, due to IP
        address restriction

        Is there a way to overcome this issue, thanks.


        Thanks & Regards
        Sathish.V


        _______________________________________________
        nginx mailing list
        nginx@nginx.org<mailto:nginx@nginx.org>
        
http://mailman.nginx.org/mailman/listinfo/nginx<https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs&m=fKmL-eoW-L4wbuOH4Cy1Z_3ZWkTmrmgNPGNe6O6FIV4&s=UVcx123SYSrcJEG8dvDlswatIFjwcvFXOBJR6JO6VVk&e=>



    _______________________________________________
    nginx mailing list
    nginx@nginx.org <mailto:nginx@nginx.org>
    http://mailman.nginx.org/mailman/listinfo/nginx

    _______________________________________________
    nginx mailing list
    nginx@nginx.org <mailto:nginx@nginx.org>
    http://mailman.nginx.org/mailman/listinfo/nginx



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx