Nginx conflicting with Apache security configuration?
<directory ~="" "="" var="" www="" .*="" wp-admin"="">Order deny,allow
Deny from all
Allow from *.*.*</directory>
With a few IP blocks set up to allow access for me from my ISP (which happily changes my IP more than a narcissist looks at himself in the mirror, but anywho).
It seems that these rules are now voided since I finally got around to setting up an nginx proxy. I'm assuming Apache is only seeing the IP address that nginx is sending from (rpaf is set up and working).
Can I do this from nginx.conf?
location ~* wp-admin/?$ {
allow *.*.*
deny all
}
Is this right? Can I place it outside of server { } so it takes effect globally?
8 Replies
It's not going to kill me to recreate my current setup but I wish I didn't have to.
server {
listen 69.164.207.5:80;
limit_conn gulag 5;
server_name mark.watero.us;
access_log /var/log/nginx/assets.access.log;
location ~* \.(js|css|rdf|xml|ico|txt|gif|jpg|png|jpeg)$ {
root /var/www/watero.us/mark/;
index index.html;
expires max;
}
location / {
proxy_pass http://69.164.193.193:80/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
… and here's my rpaf:
<ifmodule mod_rpaf.c="">RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 69.164.207.5 192.168.*.*</ifmodule>
Since both IPs are on the same node, I wasn't sure if I actually needed to put anything there other than localhost, but I did anyways.
Both nginx and apache have been restarted ( a few times ) since these configurations were added.
RPAFproxy_ips 127.0.0.1
Also if you're apache isn't accepting connections from the outside world you can happily restrict it to listening on 127.0.0.1
I have to get my dollars worth on that second IP.