Magento NGINX allow IP/deny all for downloader folder Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Magento Admin Nginx 404Magento 2 how to configure Nginx to allow execute other php files in root folderMagento completely broken: Call to a member function getCode() on boolean & There was no 404 CMS page configured or foundToo many redirects mobile version onlyProducts not found: multi-storeview in subdirectoriesCache Control for magento & Nginx advice500 Internal Server Error nginx/1.12.0 on checkout page after Migration from Apache to NginxNew install on EC2 rewrite issuesNginx auth off whole folderStatic Content 404 with Magento 2 and Nginx

Output the ŋarâþ crîþ alphabet song without using (m)any letters

iPhone Wallpaper?

How to recreate this effect in Photoshop?

Is it ethical to give a final exam after the professor has quit before teaching the remaining chapters of the course?

Is the Standard Deduction better than Itemized when both are the same amount?

How to find all the available tools in macOS terminal?

When to stop saving and start investing?

Why did the IBM 650 use bi-quinary?

What is this single-engine low-wing propeller plane?

Single word antonym of "flightless"

How can I fade player character when he goes inside or outside of the area?

Is there a concise way to say "all of the X, one of each"?

Is it true that "carbohydrates are of no use for the basal metabolic need"?

Can inflation occur in a positive-sum game currency system such as the Stack Exchange reputation system?

What's the difference between `auto x = vector<int>()` and `vector<int> x`?

What LEGO pieces have "real-world" functionality?

How to do this path/lattice with tikz

What's the purpose of writing one's academic bio in 3rd person?

Is 1 ppb equal to 1 μg/kg?

Why aren't air breathing engines used as small first stages

3 doors, three guards, one stone

How discoverable are IPv6 addresses and AAAA names by potential attackers?

Proof involving the spectral radius and the Jordan canonical form

Were Kohanim forbidden from serving in King David's army?



Magento NGINX allow IP/deny all for downloader folder



Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Magento Admin Nginx 404Magento 2 how to configure Nginx to allow execute other php files in root folderMagento completely broken: Call to a member function getCode() on boolean & There was no 404 CMS page configured or foundToo many redirects mobile version onlyProducts not found: multi-storeview in subdirectoriesCache Control for magento & Nginx advice500 Internal Server Error nginx/1.12.0 on checkout page after Migration from Apache to NginxNew install on EC2 rewrite issuesNginx auth off whole folderStatic Content 404 with Magento 2 and Nginx



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














bumped to the homepage by Community 25 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25

















3















I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














bumped to the homepage by Community 25 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25













3












3








3








I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx




magento-1.9 nginx






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Apr 28 '16 at 15:48









ChrisChris

509




509





bumped to the homepage by Community 25 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 25 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.














  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25

















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25
















do you see your ip address in access log?

– MagenX
May 3 '16 at 15:25





do you see your ip address in access log?

– MagenX
May 3 '16 at 15:25










1 Answer
1






active

oldest

votes


















0














I know this i an old post, but we block access to magmi like this:



 location ~* ^/(index.php/)?magmi {

 include includes/admin-ips;

 deny all;


With admin-ips being a text file with a list of ipaddress eg:



allow **.***.**.**/32;





share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "479"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f113163%2fmagento-nginx-allow-ip-deny-all-for-downloader-folder%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I know this i an old post, but we block access to magmi like this:



     location ~* ^/(index.php/)?magmi {

     include includes/admin-ips;

     deny all;


    With admin-ips being a text file with a list of ipaddress eg:



    allow **.***.**.**/32;





    share|improve this answer



























      0














      I know this i an old post, but we block access to magmi like this:



       location ~* ^/(index.php/)?magmi {

       include includes/admin-ips;

       deny all;


      With admin-ips being a text file with a list of ipaddress eg:



      allow **.***.**.**/32;





      share|improve this answer

























        0












        0








        0







        I know this i an old post, but we block access to magmi like this:



         location ~* ^/(index.php/)?magmi {

         include includes/admin-ips;

         deny all;


        With admin-ips being a text file with a list of ipaddress eg:



        allow **.***.**.**/32;





        share|improve this answer













        I know this i an old post, but we block access to magmi like this:



         location ~* ^/(index.php/)?magmi {

         include includes/admin-ips;

         deny all;


        With admin-ips being a text file with a list of ipaddress eg:



        allow **.***.**.**/32;






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 8 '17 at 16:20









        PaddyDPaddyD

        104114




        104114



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Magento Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f113163%2fmagento-nginx-allow-ip-deny-all-for-downloader-folder%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            کانن (شرکت) محتویات تاریخچه[ویرایش] بخشی از تولیدات موفق این شرکت[ویرایش] در رده APS-C[ویرایش] گزارش محیط زیست[ویرایش] رده‌بندی محصولات[ویرایش] منابع[ویرایش] پانویس[ویرایش] پیوند به بیرون[ویرایش] منوی ناوبریwww.canon.comموزه آنلاین دوربین‌های کانننمودار تاریخچه سهام کاننوبگاه رسمی شرکت کاننوووووIDC Worldwide Hardcopy 2013

            Image
            آبجوسازی آساهیآبجوسازی ساپوروآجینوموتوآساهی کاسیآل نیپون ایرویزآلپس الکتریکآماداآوزورا بانکآیسین سیکوآی‌اچ‌آیابارا کورپوریشنادونتستاستلاسالمپوسان‌ای‌سیان‌تی‌تی دوکوموان‌تی‌تی دیتااوبایاشیاوبه اینداستریزاوجی پیپراوساکا گساوکی الکتریک اینداستریایتاچوایزایایسوزواینپکسبانک یوکوهامابریجستونپاناسونیکپایونیرتاکاشیمایاتاکداتایو یودنتایسیترند میکروتنباکوی ژاپنتوپانتوتوتورایتوشیباتوکیو الکترونتوکیو دمتوکیو گستوکیو مارینتوهوتویوتاتویوتا بوشوکاتویوتا سوشوتیجینت د کجی‌اف‌ایجی‌اکس هولدینگزجی‌تکتچوبو الکتریک پاورچیبا بانکچیودا کورپوریشندای نیپون پرینتینگدای-ایچی لایفدایچی سانکیودایکینداینیپون سومیتومو فارمادایوا سکوریتیزدایوا هاوسدنتسودنسورسونارویال داچ شلریکوسافت‌بانکسکیسویی هاوسسوبارو کورپوریشنسوجیتزسوزوکیگروه سومیتوموسومیتومو الکتریکسومیتومو کمیکالسومیتومو اوساکا سمنتسومیتومو کورپوریشنسومیتومو متالسومیتومو رابرسومیتومو میتسویی تراستسون اند آیسونیسیتیزنسیکامشارپشرکت آساهی گلسشرکت راه‌آهن اوداکیوشرکت راه‌آهن توبوشرکت راه‌آهن توکیوشرکت راه‌آهن شرق ژاپنشرکت راه‌آهن غرب ژاپنشرکت راه‌آهن کیئوشرکت راه‌آه
            Read more

            Rest API with Magento using PHP with example. Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?How to update product using magento client library for PHP?Oauth Error while extending Magento Rest APINot showing my custom api in wsdl(url) and web service list?Using Magento API(REST) via IXMLHTTPRequest COM ObjectHow to login in Magento website using REST APIREST api call for Guest userMagento API calling using HTML and javascriptUse API rest media management by storeView code (admin)Magento REST API Example ErrorsHow to log all rest api calls in magento2?How to update product using magento client library for PHP?

            Image
            How to bypass password on Windows XP account? Apollo command module space walk? Why was the term "discrete" used in discrete logarithm? How do pianists reach extremely loud dynamics? Why am I getting the error "non-boolean type specified in a context where a condition is expected" for this request? What causes the vertical darker bands in my photo? Why is "Consequences inflicted." not a sentence? Identify plant with long narrow paired leaves and reddish stems What is the logic behind the Maharil's explanation of why we don't say שעשה ניסים on Pesach? What is the role of the transistor and diode in a soft start circuit? Why did the Falcon Heavy center core fall off the ASDS OCISLY barge? Book where humans were engineered with genes from animal species to survive hostile planets How does the particle を relate to the verb 行く in the structure「A を + B に行く」? What would be the ideal power source for a cybernetic eye? Check whic
            Read more

            Magento 2 - Auto login with specific URL Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Customer can't login - Page refreshes but nothing happensCustom Login page redirectURL to login with redirect URL after completionCustomer login is case sensitiveLogin with phone number or email address - Magento 1.9Magento 2: Set Customer Account Confirmation StatusCustomer auto connect from URLHow to call customer login form in the custom module action magento 2?Change of customer login error message magento2Referrer URL in modal login form

            Image
            Did John Wesley plagiarize Matthew Henry...? Proving that any solution to the differential equation of an oscillator can be written as a sum of sinusoids. Pointing to problems without suggesting solutions Short story about astronauts fertilizing soil with their own bodies Searching extreme points of polyhedron By what mechanism was the 2017 UK General Election called? How to get a flat-head nail out of a piece of wood? Why does BitLocker not use RSA? Was the pager message from Nick Fury to Captain Marvel unnecessary? Does the main washing effect of soap come from foam? 3D Masyu - A Die Why are current probes so expensive? How to resize main filesystem Flight departed from the gate 5 min before scheduled departure time. Refund options Marquee sign letters Is a copyright notice with a non-existent name be invalid? What does Sonny Burch mean by, "S.H.I.E.L.D. and HYDRA don't even exist anymore"? How does Billy Russo acquire his 'Jigsaw&#
            Read more