Score:0

Nginx - block access to subfolder


This is a Next.js site with React. It is run with NPM, and Nginx proxies to localhost.

I have the following nginx server block in the virtualhost:

server {
        listen 443 ssl;
        server_name dev.sekretyrozwojuosobistego.pl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
        client_max_body_size 15M;

        location /  {
                proxy_pass    http://localhost:4006;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

}

I want to block access to /private

If I add a new location this way there are problems:

server {
        listen 443 ssl;
        server_name dev.sekretyrozwojuosobistego.pl;
        ssl_certificate /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sekretyrozwojuosobistego.pl/privkey.pem; # managed by Certbot

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        client_max_body_size 15M;


#       return 301 https://$host$request_uri;


        location /private {
               auth_basic  "Work in progress";
               auth_basic_user_file /etc/nginx/restricted/.htpasswd;
               proxy_pass    http://localhost:4006;

               proxy_http_version 1.1;
               proxy_set_header Upgrade $http_upgrade;
               proxy_set_header Connection 'upgrade';
               proxy_set_header Host $host;
               proxy_cache_bypass $http_upgrade;
        }


        location /  {
#               auth_basic  "Work in progress";
#               auth_basic_user_file /etc/nginx/restricted/.htpasswd;
                proxy_pass    http://localhost:4006;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

}

The good part of this solution:

  • /private can be accessed only by password

The bad part of this solution: I get errors like these:

Failed to load resource: the server responded with a status of 404 ()
webpack-917a29e0b939a068b2f9.js:1 Failed to load resource: the server responded with a status of 404 ()
_app-9d47fe6f5703c9f8e12f.js:1 Failed to load resource: the server responded with a status of 404 ()
_buildManifest.js:1 Failed to load resource: the server responded with a status of 404 ()
_ssgManifest.js:1 Failed to load resource: the server responded with a status of 404 ()

If I comment out the /private location block the 404 errors stop happening.

Am I doing it wrong? How do I fix that?

EDIT: I was able to make it work this way:

        location /  {
#               auth_basic  "Work in progress";
#               auth_basic_user_file /etc/nginx/restricted/.htpasswd;
                proxy_pass    http://localhost:4006;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }

        location ^~/private {
                auth_basic  "Work in progress";
                auth_basic_user_file /etc/nginx/restricted/.htpasswd;
                proxy_pass    http://localhost:4006;
        }

However, I am not sure if it should be ^~/private or something else...

What I want to block is: /private, /private/, /private?, /private?whatever, /private/whatever

djdomi avatar
Please share the full path of the failed resources. /private is required by the application
I just added an EDIT to the original question
Score:0

It blocks all requests starting with "private":

location ~ ^/private {
        deny all;
}

This only accepts requests from the IP addresses you specify.

location ~ ^/private {
        allow 192.168.1.100;
        allow 192.168.1.101;
        deny all;
}
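
An added example, not part of the question or answer above and not nginx code: a small Python model of nginx's location selection order (exact `=`, then longest prefix, `^~` skipping the regex phase, then regexes in config order), run over the five targets listed in the question. `STRICT_CONFIG`, `/privateer` and the `/_next/...` path are constructed for illustration, and nginx's URI normalization is not modelled.

```python
import re
from urllib.parse import urlsplit

def select_location(locations, request_target):
    """Return the (modifier, pattern) pair nginx would select, or None.

    locations: (modifier, pattern) pairs in config order; modifier is
    "" (plain prefix), "=", "^~", "~" or "~*".
    """
    path = urlsplit(request_target).path  # the query string is never matched
    best = None
    for mod, pat in locations:
        if mod == "=" and path == pat:
            return (mod, pat)              # exact match ends the search
        if mod in ("", "^~") and path.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)          # remember the longest prefix
    if best and best[0] == "^~":
        return best                        # ^~ skips the regex phase
    for mod, pat in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, path, flags):
                return (mod, pat)          # first regex in config order wins
    return best

# Layout from the question's EDIT: catch-all plus a ^~ prefix.
EDIT_CONFIG = [("", "/"), ("^~", "/private")]
# Constructed variant: only /private itself and anything under /private/.
STRICT_CONFIG = [("", "/"), ("=", "/private"), ("^~", "/private/")]

# The five targets from the question, then two constructed paths.
TARGETS = ["/private", "/private/", "/private?", "/private?whatever",
           "/private/whatever", "/privateer", "/_next/static/chunks/app.js"]

def protected(config, target):
    """True when the selected location is not the catch-all "/"."""
    return select_location(config, target) != ("", "/")

if __name__ == "__main__":
    for t in TARGETS:
        print(f"{t:30} edit={protected(EDIT_CONFIG, t)!s:5} "
              f"strict={protected(STRICT_CONFIG, t)}")
```

Both layouts cover all five targets; the `^~/private` prefix and the answer's `~ ^/private` regex also match look-alike paths such as `/privateer`, which the strict variant leaves to the catch-all.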