NGINX IP Whitelist by Directory

May 20, 2017 in NGINX

Overview

In this example, I have a shared hosting environment where I want to limit access to certain NGINX web directories by IP whitelist. I am going to create an admin IP list and a customer1 IP list. Then I will allow the admin IP list to access both the admin and customer1 directories, but allow the customer1 IP list to access only the customer1 directory.

Configuration

Setup

Create directories inside the “app” website

mkdir /var/www/app/admin
chown www-data:www-data /var/www/app/admin
mkdir /var/www/app/customer1
chown www-data:www-data /var/www/app/customer1

Create whitelists

Create whitelist called admin-ips

nano /etc/nginx/includes/admin-ips
allow 1.2.3.4;

Create whitelist called customer1-ips

nano /etc/nginx/includes/customer1-ips
allow 4.3.2.1;

Apply whitelists to NGINX directories

Edit NGINX config for website called “app”

nano /etc/nginx/sites-enabled/app

In the server block that listens on port 80, add this to the end

location ^~ /admin/ {
    include /etc/nginx/includes/admin-ips;
    deny all;
}


location ^~ /customer1/ {
    root /var/www/app;
    include /etc/nginx/includes/admin-ips;
    include /etc/nginx/includes/customer1-ips;
    deny all;
}

In the server block that listens on port 443, add this to the end

location ^~ /admin/ {
    include /etc/nginx/includes/admin-ips;
    deny all;
}

location ^~ /customer1/ {
    root /var/www/app;
    include /etc/nginx/includes/admin-ips;
    include /etc/nginx/includes/customer1-ips;
    deny all;
}

Reload NGINX for changes to take effect

service nginx reload
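
The location blocks above depend on NGINX checking allow and deny rules in order and stopping at the first match, which is why deny all comes last. The following is an added example, not part of the original post: a small Python model of that evaluation. INCLUDES and LOCATIONS are constructed copies of the page's files, the function names are hypothetical, and 203.0.113.9 is a constructed outside address.

```python
import ipaddress

# Constructed copies of the page's two include files.
INCLUDES = {
    "/etc/nginx/includes/admin-ips": "allow 1.2.3.4;",
    "/etc/nginx/includes/customer1-ips": "allow 4.3.2.1;",
}
# Access directives of the page's two location blocks, in the page's order.
LOCATIONS = {
    "/admin/": "include /etc/nginx/includes/admin-ips; deny all;",
    "/customer1/": "include /etc/nginx/includes/admin-ips; "
                   "include /etc/nginx/includes/customer1-ips; deny all;",
}

def expand(body, includes=INCLUDES):
    """Flatten include directives into an ordered list of (action, target)."""
    rules = []
    for stmt in body.split(";"):
        parts = stmt.split()
        if not parts:
            continue
        if parts[0] == "include":
            rules.extend(expand(includes[parts[1]], includes))
        elif parts[0] in ("allow", "deny"):
            rules.append((parts[0], parts[1]))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; with no match nginx lets the request through."""
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all" or ip in ipaddress.ip_network(target, strict=False):
            return action
    return "allow"

def matrix(locations=LOCATIONS, clients=("1.2.3.4", "4.3.2.1", "203.0.113.9")):
    """Map (location, client IP) to the allow/deny decision."""
    return {(loc, ip): decide(expand(body), ip)
            for loc, body in locations.items() for ip in clients}

if __name__ == "__main__":
    for (loc, ip), verdict in matrix().items():
        print(f"{loc:12} {ip:12} {verdict}")
    # Failure modes: "deny all" placed first locks out the admin address,
    # and a block with no "deny all" lets any address in.
    print(decide(expand("deny all; include /etc/nginx/includes/admin-ips;"), "1.2.3.4"))
    print(decide(expand("include /etc/nginx/includes/admin-ips;"), "203.0.113.9"))
```

A denied request gets a 403 response from NGINX, so the same matrix can be confirmed against the live site by requesting each directory from each address after the reload.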
