Configure Allow and Deny Directives

Author: Al-mamun Sarkar Date: 2020-04-14 13:29:24

Configure Allow and Deny directives. The following code shows how to configure allow and deny directives on Nginx virtual host configuration. 

Create directory appointments inside artofcse.com:

mkdir /var/www/artofcse.com/appointments

Care a index.html file inside appointments directory:

echo "Welcome to appointments" > /var/www/artofcse.com/appointments/index.html

Now you will be able to visit appointments URI http://127.0.0.1/appointments

 

Deny Access:

location /appointments/ {
        deny all;
}

 

Check Nginx configuration:

nginx -t

 

Restart Nginx:

systemctl reload nginx

Now you will not be able to visit appointments URI http://127.0.0.1/appointments

 

Allow IP:

location /appointments/ {
        allow 192.168.33.0/24;
        allow 10.0.0.0/8;
        deny all;
}

 

Now, artofcse.local.conf will be as follows:

server {
        listen 80 default_server;
        server_name artofcse.local www.artofcse.local;
        index index.html index.htm index.php;
        root /var/www/artofcse.local;

        access_log /var/log/nginx/artofcse.local.access.log;
        error_log /var/log/nginx/artofcse.local.error.log;

        location / {
                try_files $uri $uri/ =404;
        }

        location /images {
                autoindex on;
                access_log /var/log/nginx/artofcse.local.images.access.log;
                error_log /var/log/nginx/artofcse.local.images.error.log;
        }

        location /appointments/ {
                allow 192.168.33.0/24;
                allow 10.0.0.0/8;
                deny all;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
                fastcgi_intercept_errors on;
        }

        error_page 404 /404.html;
        location = /404.html {
                internal;
        }
}

 

Check Nginx configuration:

nginx -t

 

Restart Nginx:

systemctl reload nginx

Now you will be able to visit appointments URI http://127.0.0.1/appointments from allowed IP.