I would like to set up Firewall Bypass Prevention in my Nginx. To do so, I want to add the following directives to the Nginx configuration:
location / {
    allow xxx.xx.xxx.x/xx;
    allow xxx.xx.xxx.x/xx;
    allow xxxx:xxxx::/xx;
    allow xx.xxx.xxx.x/xx;
    allow xxx.xxx.x.x/xx;
    deny all;
    # Existing NGINX rules
}
I already have a location directive under the server directive, as follows:
location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    #try_files $uri $uri/ =404;
    try_files $uri $uri/ /index.php?q=$uri&$args;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
}
The question is: do I need to add a new location directive for Firewall Bypass Prevention, or do I have to append Firewall Bypass Prevention to the existing location, as follows:
location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    #try_files $uri $uri/ =404;
    try_files $uri $uri/ /index.php?q=$uri&$args;
    # Uncomment to enable naxsi on this location
    # include /etc/nginx/naxsi.rules
    allow xxx.xx.xxx.x/xx;
    allow xxx.xx.xxx.x/xx;
    allow xxxx:xxxx::/xx;
    allow xx.xxx.xxx.x/xx;
    allow xxx.xxx.x.x/xx;
    deny all;
    # Existing NGINX rules
}
Any thoughts?
You most likely want to move the allow and deny directives outside of any location and place them directly within server {}. Then they will be applied to all locations.
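The server-level placement described in this answer, as an added example that is not part of the original question or answer. The addresses are documentation placeholders rather than real firewall ranges, and the server name, docroot, PHP-FPM socket path and /status location are assumptions for illustration.

```nginx
# Added example; addresses are documentation placeholders, not real firewall ranges.
server {
    listen 80;
    server_name example.com;           # placeholder
    root /var/www/html;                # assumed docroot
    index index.php;

    # Server-level access list: inherited by every location below that
    # does not declare allow/deny of its own.
    allow 192.0.2.0/24;                # placeholder firewall range (IPv4)
    allow 2001:db8::/32;               # placeholder firewall range (IPv6)
    deny  all;

    location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
    }

    # try_files hands /index.php to this location. With the list only in
    # "location /", a direct request for /index.php would not be checked
    # against it; the server-level list covers it.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed PHP-FPM socket
    }

    # A location with its own allow/deny replaces the inherited list
    # instead of adding to it, so anything still needed from the
    # server-level list has to be repeated here.
    location /status {
        allow 127.0.0.1;
        allow 192.0.2.0/24;
        allow 2001:db8::/32;
        deny  all;
        stub_status;
    }
}
```

Run `nginx -t` to validate the configuration before reloading.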