I have a site running on Nginx (v1.0.14) serving as reverse proxy which proxies requests to Apache (v2.2.19). So Nginx runs on port 80, Apache is on 8080.
Overall site works fine except that i cannot block access to certain directories with .htaccess file.
For example i have 'my-protected-directory' on 'www.site.com' Inside it i have htaccess with following code:
<Files *>
order deny,allow
deny from all
allow from 1.2.3.4 <--- my ip address here
</Files>
When i try to access this page with my ip (1.2.3.4) i get 404 error which is not what i expect:
http://www.site.com/my-protected-directory
However everything works as expected when this page is served directly by Apache. I can see this page, everyone else can't.
http://www.site.com:8080/my-protected-directory
Update. Nginx config (7.1.3.7 is site ip.):
user apache;
worker_processes 4;
error_log logs/error.log;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1024;
gzip_http_version 1.1;
gzip_proxied any;
gzip_comp_level 5;
gzip_types text/plain text/css
application/x-javascript text/xml
application/xml application/xml+rss
text/javascript image/x-icon;
server {
listen 80;
server_name www.site.com site.com 7.1.3.7;
access_log logs/host.access.log main;
# serve static files
location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
root /var/www/vhosts/www.site.com/httpdocs;
proxy_set_header Range "";
expires 30d;
}
# pass requests for dynamic content to Apache
location / {
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Range "";
proxy_pass http://7.1.3.7:8080;
}
}
Update 2: mod_rpaf is installed and ip address get determined correctly
Could please anyone tell me what is wrong and how this can be fixed ?
If nginx is proxying to apache, then the connection to apache is coming from nginx, not coming from you, and thus your IP never enters the equation.
You can set an environment variable based on your original IP (which will be stored in the x-forwarded-for header), and then allow requests with that variable set:
I have managed to resolve this issue. The problem was in Rpaf module which under some condition works incorrectly. By 'conditions' i mean Apache version and OS. (Mine was Apache 2.2 on CentOS)
Anyway, to fix this you should disable rpaf module and install it's patched version from here: mod_realip2
Installation is clear and simple. Hope this helps someone because i have spent hours and hours looking for resolution.
You can try to add into nginx' server section
error_log <path> debug;
, run the request and see how is it parsed against location rules. Sometime it is not that obvious...You placed the
root
directive underlocation
instead ofserver
. This is one of the most common nginx misconfigurations. And in this case it will be directly responsible for your 404 error.