Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
CloudLinux
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Nginx help please

I have this block in the nginx.conf. IP stands for actual IPs.

What I need is to IP restrict requests to /admin/ and /admin/whateverpath

location ~ ^/admin(/.*)?$ {
            allow IP;
            allow IP;
            allow IP;
            allow IP;
            allow IP;
            deny all;
}

But when this is in effect, it blocks all ips including the allowed IPs.

What am I doing wrong here? Thank you for any help.

Comments

  • location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thanked by 2gwnd1989 wedge1001
  • @tototo said:

    location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thank you, this is what I initially had, same issue. Will try again and post here.

  • FatGrizzlyFatGrizzly Member, Host Rep

    @gwnd1989 said:

    @tototo said:

    location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thank you, this is what I initially had, same issue. Will try again and post here.

    is it a php application? are you handling .php seperately?

  • @FatGrizzly said:

    @gwnd1989 said:

    @tototo said:

    location ^~ /admin/ {
        allow IP;
        deny all;
    }
    

    how about this?

    Thank you, this is what I initially had, same issue. Will try again and post here.

    is it a php application? are you handling .php seperately?

    Thank you

    Ruby app, yes handling Ruby here

    server {
        listen       8080;
        server_name  redacted;
        root '/home/redacted/api3-0/current/public';
        passenger_enabled on;
        passenger_ruby /usr/local/rvm/wrappers/ruby-2.7.2/ruby;
        passenger_app_root '/home/redacted/api3-0/current';
        passenger_app_env production;
        passenger_spawn_method smart;
        passenger_min_instances 24;
        passenger_friendly_error_pages off;
    
        location ~ ^/admin(/.*)?$ {
                    allow IP;
                    allow IP;
                    allow IP;
                    allow IP;
                    deny all;
        }
    
        # Rails asset pipeline support.
        location ~ "^/assets/.+-[0-9a-f]{32}\..+" {
                error_page 490 = @static_asset;
                error_page 491 = @dynamic_request;
                recursive_error_pages on;
    
                if (-f $request_filename) {
                        return 490;
                }
                if (!-f $request_filename) {
                        return 491;
                }
        }
        location @static_asset {
                gzip_static on;
                expires max;
                add_header Cache-Control public;
                add_header ETag "";
        }
        location @dynamic_request {
                passenger_enabled on;
                passenger_ruby /usr/local/rvm/wrappers/ruby-2.7.2/ruby;
        }
    
    }
    
  • AndreixAndreix Member, Host Rep
    edited February 2024

    Make sure you're not behind a proxy.

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    Thanked by 1gwnd1989
  • How about:

    1. deny all
    2. allow what IP's you want

    So.. it reads from top to bottom so invert that and put deny all on top

  • @Andreix said:
    Make sure you're not behind a proxy.

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    Thank you

  • @gwnd1989 said: Thank you

    So, did you try any of options posted here and did any work ?

  • @amarc said:

    @gwnd1989 said: Thank you

    So, did you try any of options posted here and did any work ?

    The maintenance window is not up yet. Tomorrow morning I will.

  • Oh wow, did not know that.. Do you expect that '/etc/init.d/nginx reload' would cause downtime ?

  • @amarc said: Oh wow, did not know that.. Do you expect that '/etc/init.d/nginx reload' would cause downtime ?

    also, before reloading/restarting you can run "nginx -t" to check if there are any config errors.

    Thanked by 1gwnd1989
  • @amarc said:
    Oh wow, did not know that.. Do you expect that '/etc/init.d/nginx reload' would cause downtime ?

    No, but we have to follow the protocol. If the new edits break access for people its not ideal.

  • @Andreix said:
    Make sure you're not behind a proxy.

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    This worked

  • bollebolle Member
    edited February 2024

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    This worked

    Was that inside location section, like so:

    location ^~ /admin/ {
        allow IP;
        deny all;
        set_real_ip_from proxy_server_ip;
        eal_ip_header X-Forwarded-For;
    }
    

    Or did you put it before?

  • @bolle said:

    Or use something like:
    set_real_ip_from proxy_server_ip;

    real_ip_header X-Forwarded-For;

    This worked

    Was that inside location section, like so:

    location ^~ /admin/ {
        allow IP;
        deny all;
        set_real_ip_from proxy_server_ip;
        eal_ip_header X-Forwarded-For;
    }
    

    Or did you put it before?

    Before allow IP

Sign In or Register to comment.