> There are other locations like /auth, /auth/, /auth/admin, /auth/admin/ and
> few more which have the same rules. I am trying to restrict access to /auth
> and /auth/admin which are sensitive for public access. Do you think removing
> "=" can help in this case?
'=' in location definition means that nginx will use it only on exact uri match.
if you have location = /auth {} but client requests /auth/admin (unless you
have also location = /auth/admin) then that particular location configuration
won't be used and will match the 'location / {}' which in your configuration
sample was proxied without any deny rules.
By removing the '=' it means all the /auth, /auth/* requests will be processed
in that location.
Good to also check the documentation on it
http://nginx.org/en/docs/http/ngx_http_core_module.html#location
rr
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
