This is rather interesting Guys! I have the following code in one of my webapplications NginX configuration:
location /login {
#access_log off;
proxy_pass https://public;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
proxy_set_header X-Client-S-DN $ssl_client_s_dn;
allow 10.0.0.31;
deny all;
}
As you can see, I wish to deny all connections to the login interface but one IP address. This works like a charm and shows standard NginX 403 error message when I try to connect from another IP. Now comes the kicker. If I add a custom error message line THE WHOLE ALLOW/DENY OPTION IS BEING IGNORED!
I added:
error_page 403 /40x.html;
OFC I've created a custom file to /usr/shar/nginx/html
and the file exists. There is no error message in NginX but if I add the upper line to the webapplication config (or to the standard nginx.conf, doesn't matter) the rules I've set for allowed IPs and deny all
is being ignored completely. What gives? Anyone has any idea how to give the users a custom NginX error page and keep the allow & deny options?
OK, the sollution was to create not just a custom error page option, but an error page location as well. So I just had to add:
And voile... Damn it NginX! Why do you disappoint me so many times? :D