NGINX - how to restrict access to content on HTTP_X_REAL

G

German Zvonchuk2015-11-05 17:02:13

Nginx

German Zvonchuk, 2015-11-05 17:02:13

NGINX - how to restrict access to content on HTTP_X_REAL_IP?

Good evening.
I have two servers, the first and the second :=)
domain.com is attached to the first server,
on the second server I have domain.com/blog/, that is, when accessing this address, the first server proxies the request to the second server.
Now on the second server I need to set restrictions on the IP address on domain.com/blog/wp-admin/.
The problem is that when proxying to the second server, the real IP address of the visitor is transmitted only via HTTP_X_REAL_IP and my configuration does not work for this reason:

location ~ ^/blog/wp-admin(/?)(.*) {	
    satisfy  any;		
    allow  10.11.142.234;
    allow  10.11.83.210;
    allow  10.11.85.50;
    allow  10.11.40.2;
    allow  10.11.183.98;		
    auth_basic           "Blog";
    auth_basic_user_file /etc/nginx/.htpasswd;		
    deny   all;			
  }

And here is the config of the first server:

location ~ ^/blog(/?)(.*) {
    proxy_set_header Host www.domain.com;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_pass https://ip-address:443/blog/$2$is_args$args;
    proxy_redirect off;
  }

I would be very grateful if you could give me a solution to this problem.
I don't want to register IP addresses on the first server.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

U

un1t, 2015-11-05
@un1t

On the second one, you need to specify set_real_ip_from with the ip value of the first one.
nginx.org/ru/docs/http/ngx_http_realip_module.html