I've a domain where I need to accept only one url and all the other URLs should be blocked. I need to accept only /page?param=something. I'm using Nginx. Any help would be appreciated.
map $query_string $is_param {
~ param=.+ 1;
}
location ~* /page {
if ($is_param) {
allow all;
}
return 403;
}
Related
I want to deny access on manifest.json, list.json (or simply *.json) and all sourcemaps *.maps in packs/ folder.
I tried something like:
location ^/packs/.*\.(json|map)$ {
deny all;
return 404;
}
Didn't worked out. I still access those files :(
How can I restrict access to those files in packs/ folder?
You are trying to use regex matching location, those locations declared with a ~ (or ~* if you want case-insensitive matching) sign:
location ~ ^/packs/.*\.(json|map)$ {
deny all;
return 404;
}
I'm having a trouble trying to implement basic authentication for ELB healthcheck.
I've searched quite a bit to figure out the nginx file configuration to avoid 401 error shown below, which ELB returns due to basic authentication
unhealthy in target-group hogehoge due to (reason Health checks failed with these codes: [401])
I've tried to modify nginx.conf so as to avoid it, but it doesn't work.
The code below gives me [emerg] "server" directive is not allowed here error.
http {
server {
location / {
if (!$http_x_forwarded_for) {
auth_basic 'Please enter ID and password';
auth_basic_user_file /usr/src/redmine/.htpasswd;
}
}
}
}
How can I avoid 401 error by ELB healthcheck due to basic authentication?
Thanks for the help.
The easiest approach would be to create a location for the ELB, for example:
location /elb-status {
access_log off;
return 200;
}
You will just need to change the Ping Path to be /elb-status
If you want to see something on your browser while testing you may need to change the content-type since defaults to application/octet-stream and the browser will offer to save the file, so something like this should work:
location /elb-status {
access_log off;
return 200 'your text goes here';
add_header Content-Type text/plain;
}
If you would like to check against the user-agent something like this could be used:
set $block 1;
# Allow all the ELB health check agents.
if ($http_user_agent ~* '^ELB-HealthChecker\/.*$') {
set $block 0;
}
if (!$http_x_forwarded_for) {
set $block 1
}
if ($block = 1) {
auth_basic 'Please enter ID and password';
auth_basic_user_file /usr/src/redmine/.htpasswd;
}
Trying to get my nginx location regex to trigger whether the ending "/" is present or not.
So far it only fires when not present. Please help
location ~ ^/page\-[0-9]*$ {
root /sites/gibranali;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?pagination=$1 last;
}
}
figured it out. here's the answer for posterity
location ~ ^/page\-[0-9]/?$ {
New to nginx and still trying to figure out its methods.
I'm trying to do a redirect to an external URL based on the referring URL. For example, in the code below that I have for the hosted domain, if the referring URL comes from Facebook, I want to redirect the user to a specific URL:
location / {
index index.php;
if ($http_referer ~* ^(.*?(\bfacebook\b)[^$]*)$ ) {
rewrite http://www.othersite.com break;
}
try_files $uri $uri/ #handler;
expires 30d;
}
Nginx doesn't throw any errors once it's restarted, but despite testing this from a Facebook link, it's not executing.
Any nginx / regular expression gurus who can point me in the right direction?
Thanks in advance.
Although it may pass the syntax test, your rewrite statement is incorrect. To redirect any URI to a new URL you would use:
rewrite ^ http://www.example.com/? permanent;
But the preferred solution would be the more efficient:
return 301 http://www.example.com/;
See this page for details of both directives.
I am trying to setup a rule in nginx where I will deny traffic if a certain url is accessed from outside the specified ip address range. Instead of specifying the url pattern that needs to be protected, I would like to setup a rule that would essentially say the following:
if URL is not a certain url format, apply the deny/allow rules in a permissions.conf file.
Previously I had this (which seems to work):
location ^~ /admin {
include permissions.conf file
}
permissions.conf file
allow 127.0.0.1;
deny all;
I would now like to replace the rule above and specify a rule which only gets hit if the url is not of a certain pattern (so in the case below, if it is not /a/test, then it should apply the permissions.conf file. The format below is not working - any ideas on how to fix it?
location ~ (/a\/(?!test)) {
include permissons.conf
}
I tried this as well:
location ~ (/a/(?!test)) {
include permissons.conf
}
&
location ~* ^(?!/a/test/) {
include permissons.conf
}
thanks in advance
I think you can try this:
location / {
if ($request_uri !~ "^/a/test$")
{
include permissons.conf
}
}