Nginx Block/Deny Access to multiple locations regex
Question
I am using Nginx as a reverse proxy for my Apache instillation and as a security feature it blocks access to phpmyadmin, webalizer etc for everyone except localhost but using nginx it makes Apache think it is localhost so it displays it publicly for everyone.
<LocationMatch "^/(?i:(?:xampp|security|phpmyadmin|licenses|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /
</LocationMatch>
I need to turn the above rules pattern matching regex into the following.
location /phpmyadmin {
proxy_pass htt://127.0.0.1:8080/phpmyadmin;
allow 127.0.0.1;
deny all;
}
Much appreciated for help from anyone who is familiar with regex in Nginx.
The following method works but breaks normal site urls that would be search engine friendly such as domain.com/forums/server-info
location ~ /(xampp|security|phpmyadmin|licenses|webalizer|server-status|server-info) {
deny all;
}
2 answers
solution1
8 ACCPTED 2013-03-16 18:38:36
As the apache regex has '^', we can put '^' to force matching from the start of the path too.
location ~ ^/(xampp|security|phpmyadmin|licenses|webalizer|server-status|server-info) {
proxy_pass http://127.0.0.1:8080$request_uri;
.... allow/deny directives come here
}
[EDIT] The matched string inside the brackets is stored in $1. So you may try
http://127.0.0.1:8080/$1
if that's what you want. However, my understanding is that you want to pass the entire uri path to the apache server. In that case, it's simpler to use nginx variable $request_uri.
solution2
2 2013-03-16 17:49:30
Looks like you have it pretty much. For the security, nginx will read from top to bottom, so leave deny all for the end:
location /(xampp|security|phpmyadmin|licenses|webalizer|server-status|server-info) {
allow from ::1;
allow from fc00::/7;
allow from fe80::/10;
allow 127.0.0.0/8;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
allow 169.254.0.0/16;
deny all;
}
Note that this will apply to any url like /phpmyadmin , etc. Including /someplaceelse/phpmyadmin . You can prepend a ^ to this match for only http://host/phpmyadmin matches. Although from the sound of it you may have to split this into multiple location directives in this case.
I'm not sure what you mean by search engine friendly. If you want server-info to be accessible, simply remove it from the regex | cases.
For the phpmyadmin proxy:
location ^/phpmyadmin {
proxy_pass http://127.0.0.1:8080;
}
nginx will take everything in the location match and append it to http://127.0.0.1:8080
You can modify this behavior using ~, for instance. http://wiki.nginx.org/HttpCoreModule#location
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.