Restricting access to one controller of an MVC app with Nginx

Posted by kgb on Server Fault See other posts from Server Fault or by kgb
Published on 2012-06-28T15:06:29Z Indexed on 2012/06/28 15:17 UTC
Read the original article Hit count: 217

Filed under:
|
|
|

I have an MVC app where one controller needs to be accessible only from several ips(this controller is an oauth token callback trap - for google/fb api tokens). My conf looks like this:

geo $oauth {
    default 0;
    87.240.156.0/24 1;
    87.240.131.0/24 1;
}

server {
    listen 80;
    server_name some.server.name.tld default_server;
    root /home/user/path;
    index index.php;

    location /oauth {
        deny all;
        if ($oauth) {
            rewrite ^(.*)$ /index.php last;
        }
    }

    location / { 
        if ($request_filename !~ "\.(phtml|html|htm|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|xlsx)$") {
            rewrite ^(.*)$ /index.php last;
            break;
        }
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

}

It works, but does not look right.

The following seems logical to me:

    location /oauth {
        allow 87.240.156.0/24;
        deny all;
        rewrite ^(.*)$ /index.php last;
    }

But this way rewrite happens all the time, allow and deny directives are ignored. I don't understand why...

© Server Fault or respective owner

Related posts about nginx

Related posts about rewrite