Hey guys, i'm trying to make the autoindex feature only run for my ip address with this code:
server{ ... autoindex off; ... if ($remote_addr ~ ...) { autoindex on; } ... } But it doesn't work. It gives my a 403 :/ Can someone help me :) Btw, i'm using Debian Lenny and Nginx 0.6 :)
EDIT: Here's my full configuration:
server {
listen 80;
server_name site.com;
server_name_in_redirect off;
client_max_body_size 4M;
server_tokens off;
# log_subrequest on;
autoindex off;
# expires max;
error_page 500 502 503 504 /var/www/nginx-default/50x.html;
# error_page 404 /404.html;
set $myhome /bla/bla;
set $myroot $myhome/public;
set $mysubd $myhome/subdomains;
log_format new_log
'$remote_addr - $remote_user [$time_local] $request '
'"$status" "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# Star nginx :@
access_log /bla/bla/logs/access.log new_log;
error_log /bla/bla/logs/error.log;
if ($remote_addr ~ 94.156.58.138) {
autoindex on;
}
# Subdomains
if ($host ~* (.*)\.site\.org$) {
set $myroot $mysubd/$1;
}
# Static files
# location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ {
# access_log off;
# expires 30d;
# }
location / {
root $myroot;
index index.php index.html index.htm;
}
# PHP
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $myroot$fastcgi_script_name;
include fastcgi_params;
}
# .Htaccess
location ~ /\.ht {
deny all;
}
}
I forgot to mention that when i add the code to remove static files from my access log, the static files cannot be accessed. I don't know if it's relevant :)
It's possible to do this in a fairly hacky way by using a version of the technique described here by Endre Szabó.
Essentially it's to enable autoindex unconditionally (I don't believe there is currently any other way to enable it) and then to forbid access to directories where there is no index.html present, unless the requesting IP address matches the specific one defined in the configuration.
Try doing it like this: