Restricting access to one controller of an MVC app with Nginx

Posted by kgb on Server Fault See other posts from Server Fault or by kgb
Published on 2012-06-28T15:06:29Z Indexed on 2012/06/28 15:17 UTC
Read the original article Hit count: 186

Filed under:

nginx

|

rewrite

|

restrict-access

|

mvc

I have an MVC app where one controller needs to be accessible only from several ips(this controller is an oauth token callback trap - for google/fb api tokens). My conf looks like this:

geo $oauth {
    default 0;
    87.240.156.0/24 1;
    87.240.131.0/24 1;
}

server {
    listen 80;
    server_name some.server.name.tld default_server;
    root /home/user/path;
    index index.php;

    location /oauth {
        deny all;
        if ($oauth) {
            rewrite ^(.*)$ /index.php last;
        }
    }

    location / { 
        if ($request_filename !~ "\.(phtml|html|htm|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|xlsx)$") {
            rewrite ^(.*)$ /index.php last;
            break;
        }
    }

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

}

It works, but does not look right.

The following seems logical to me:

    location /oauth {
        allow 87.240.156.0/24;
        deny all;
        rewrite ^(.*)$ /index.php last;
    }

But this way rewrite happens all the time, allow and deny directives are ignored. I don't understand why...

© Server Fault or respective owner

Related posts about nginx

ModSecurity compile error on nginx

as seen on Server Fault - Search for 'Server Fault'
I'm trying to install ModSecurity on nginx with the following instructions : wget https://github.com/SpiderLabs/ModSecurity/archive/master.zip unzip master cd ModSecurity-master ./autogen.sh ./configure --enable-standalone-module And i got the following error : Checking plataform... Identified… >>> More
Cannot Start Nginx Compiled from Source

as seen on Server Fault - Search for 'Server Fault'
I am trying to compile Nginx from source based on the original compiled Nginx server running on my DigitalOcean server ( Ubuntu-14.04 64x ) but with a few extra modules. I can get everything installed smoothly but I can not get it to start. I am sure the ini is correct because I copied the original… >>> More
Nginx http_mp4_module seam installed but dont work

as seen on Server Fault - Search for 'Server Fault'
I try to use the http_mp4_module on my Ubuntu server but that didnt seem to work at all. When i check nginx -V i get : nginx version: nginx/1.1.19 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body… >>> More
GeoIP and Nginx

as seen on Server Fault - Search for 'Server Fault'
I have a nginx with geoip, but it is not working rightly. The issue is the next: Nginx are getting geodata from $_SERVER['REMOTE_ADDR'] instead of $_SERVER['HTTP_X_HAPROXY_IP'], which have the real client ip. So, the reported geodata belongs to my server ip instead of client ip. Does anybody where… >>> More
Nginx1.6.1: Installing from source not running corectly

as seen on Server Fault - Search for 'Server Fault'
I just installed Nginx 1.6.1 from source but it didn't seem to installed correctly. Nginx is running if I service nginx status but when I do nginx -v it outputs command not found. Regular HTML page shows fine and there is no error in the error logs. I am on AWS Ec2 linux AMI. Here is my /etc/init… >>> More

Related posts about rewrite

Apache mod rewrite rules to Zeus rewrite rules

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, This morning I wanted to move my development website online (in a protected folder), but I figured out that our host (on a shared server) does not use apache mod_rewrite but Zeus rules. I've never heard about that before but it seems that apache rules could be automatically converted via a command… >>> More
Apache > 2.2.22 rewrite rule not working?

as seen on Server Fault - Search for 'Server Fault'
since yesterday I'm trying to figure out how to fix the following: running phpipam (http://www.phpipam.net/) with WAMP (Windows environment). The problem I am facing is related with RewriteRule functionality, so forget phpipam for a moment and concentrate on few lines of code. Here is the directory… >>> More
How can I express this nginx config as apache2 rewrite rules?

as seen on Server Fault - Search for 'Server Fault'
if (!-e $request_filename){ rewrite /iOS/(.*jpg)$ /$1 last; rewrite /iOS/(.*jpeg)$ /$1 last; rewrite /iOS/(.*png)$ /$1 last; rewrite /iOS/(.*css)$ /$1 last; rewrite /iOS/(.*js)$ /$1 last; rewrite /Android/(.*jpg)$ /$1 last; rewrite /Android/(… >>> More
Helicon ISAPI Rewrite is processing Rewrite Rules for httpd.conf but not .htaccess

as seen on Server Fault - Search for 'Server Fault'
We have Helicon ISAPI Rewrite 3 installed on our Windows 2003 Web server. The RewriteRules work fine in the global file located in the httpd.conf file. The server serves several Web sites and we were hoping to create RewriteRules to apply to specific Web sites. In the IIS Properties for each Web… >>> More
Using IIS URL Rewrite, how to rewrite foo.bar.com -> bar.com/myapp

as seen on Server Fault - Search for 'Server Fault'
Our web app lies at bar.com/myapp We'll use the HTTP Host Header to work out the username So need to transparently rewrite http://foo.bar.com to http://bar.com/myapp using the URL Rewrite module in IIS But still need to be able to go to www.bar.com and see the company website and webmail.bar.com… >>> More