Nginx configuration: allow ip is not working, deny all is working fine


At last I found out why the `allow ip; deny all;` rule was not working. It's because the request reaches the site through a proxy, so nginx sees the proxy IP as the connecting address instead of the client's public IP. So we also have to allow the proxy IP if we want to allow a specific public IP. Here is the configuration.

# Backend pool for the proxied application; "ip_address:port" is a placeholder
# for the real backend address.
upstream backend_solr {
    # ip_hash keys server selection on the client address nginx sees.
    # NOTE(review): when all traffic arrives through one proxy, that is the
    # proxy's address for every request — confirm this is the intended stickiness.
    ip_hash;
    server ip_address:port; 
} 
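server {
    listen 80;
    server_name www.example.com;

    index /example/admin.html;

    charset utf-8;
    access_log /var/log/nginx/example_access.log main;

    location / {
        # Allow-list keyed on X-Forwarded-For. Requests arrive through a proxy,
        # so the address that allow/deny would test is the proxy, not the client.
        #
        # NOTE(review): X-Forwarded-For is an ordinary request header. This
        # check is only meaningful if this listener accepts connections solely
        # from the trusted proxy (firewall rule or restricted listen address);
        # otherwise anyone who can reach port 80 directly can supply the header.
        # The usual alternative is ngx_http_realip_module
        # (set_real_ip_from <trusted proxy address>; real_ip_header X-Forwarded-For;),
        # after which plain "allow <office ip>; deny all;" tests the restored
        # client address.
        #
        # $allow is initialised once; resetting it between the two checks would
        # discard a match from the first one.
        set $allow false;

        # Office public IP as the last X-Forwarded-For entry. The pattern is
        # anchored on both sides so a longer or shorter address cannot match.
        if ($http_x_forwarded_for ~ "(^|[ ,])12\.22\.22\.22$") {
            set $allow true;
        }

        # Proxy IP as the last X-Forwarded-For entry.
        if ($http_x_forwarded_for ~ "(^|[ ,])11\.123\.123\.123$") {
            set $allow true;
        }

        if ($allow = false) {
            return 403;
        }

        # NOTE(review): the upstream shown with this config is named
        # "backend_solr"; confirm "backend_solr-01" is defined or resolvable.
        proxy_pass  http://backend_solr-01/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Served from the local "html" root; not covered by the allow-list above.
    location ~ /favicon\.ico {
        root html;
    }

    # Refuse any path containing a dot-prefixed segment (hidden files).
    location ~ /\. {
        deny all;
    }
}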
Author by

fatha

Updated on June 29, 2022

Comments

  • fatha
    fatha almost 2 years

    I created a new conf file to block access from all public IPs and allow only one public IP address (the office public IP). But when I try to access the site, it shows "403 Forbidden nginx".

        # Backend pool; "ip_address:port" is a placeholder for the real backend.
        upstream backend_solr {
             ip_hash;
             server ip_address:port; 
    } 
    server {
             listen 80;
             server_name www.example.com;
    
             index /example/admin.html;
    
             charset utf-8;
             access_log /var/log/nginx/example_access.log main;
    
             location / {
    
                # allow/deny compare against the address of the peer that
                # connected to nginx. When the request comes through a proxy,
                # that peer is the proxy, so the office IP (carried only in
                # X-Forwarded-For) never matches and "deny all" answers 403.
                # NOTE(review): to test the real client address here, restore it
                # from a trusted proxy with ngx_http_realip_module rather than
                # accepting the header from any sender.
                allow **office_public_ip**;
                deny all;
                proxy_pass  http://backend_solr-01/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             }
    
            location ~ /favicon\.ico {
                root html;
            }
    
            # Refuse any path containing a dot-prefixed segment (hidden files).
            location ~ /\. {
                deny all;
            }}
    

    But the logs show the request coming from the public IP and still being forbidden:

    IP_Address - - [31/Jul/2017:12:43:05 +0800] "Get /example/admin.html HTTP/1.0" www.example.com "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "my_office _IP" "-" "-" "-" 403 564 0.000 - - -