Restricting access to one controller of an MVC app with Nginx
Posted
by
kgb
on Server Fault
See other posts from Server Fault
or by kgb
Published on 2012-06-28T15:06:29Z
Indexed on
2012/06/28
15:17 UTC
Read the original article
Hit count: 217
I have an MVC app where one controller needs to be accessible only from several ips(this controller is an oauth token callback trap - for google/fb api tokens). My conf looks like this:
geo $oauth {
default 0;
87.240.156.0/24 1;
87.240.131.0/24 1;
}
server {
listen 80;
server_name some.server.name.tld default_server;
root /home/user/path;
index index.php;
location /oauth {
deny all;
if ($oauth) {
rewrite ^(.*)$ /index.php last;
}
}
location / {
if ($request_filename !~ "\.(phtml|html|htm|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|xlsx)$") {
rewrite ^(.*)$ /index.php last;
break;
}
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
It works, but does not look right.
The following seems logical to me:
location /oauth {
allow 87.240.156.0/24;
deny all;
rewrite ^(.*)$ /index.php last;
}
But this way rewrite happens all the time, allow and deny directives are ignored. I don't understand why...
© Server Fault or respective owner