Magento NGINX allow IP/deny all for downloader folder Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Magento Admin Nginx 404Magento 2 how to configure Nginx to allow execute other php files in root folderMagento completely broken: Call to a member function getCode() on boolean & There was no 404 CMS page configured or foundToo many redirects mobile version onlyProducts not found: multi-storeview in subdirectoriesCache Control for magento & Nginx advice500 Internal Server Error nginx/1.12.0 on checkout page after Migration from Apache to NginxNew install on EC2 rewrite issuesNginx auth off whole folderStatic Content 404 with Magento 2 and Nginx

Is 1 ppb equal to 1 μg/kg?

Right-skewed distribution with mean equals to mode?

Why did the IBM 650 use bi-quinary?

Is the address of a local variable a constexpr?

Storing hydrofluoric acid before the invention of plastics

When to stop saving and start investing?

What do you call a phrase that's not an idiom yet?

What would be the ideal power source for a cybernetic eye?

What LEGO pieces have "real-world" functionality?

Diagram with tikz

Proof involving the spectral radius and the Jordan canonical form

Bonus calculation: Am I making a mountain out of a molehill?

If a contract sometimes uses the wrong name, is it still valid?

Is there any avatar supposed to be born between the death of Krishna and the birth of Kalki?

How do I mention the quality of my school without bragging

Why is "Captain Marvel" translated as male in Portugal?

Why does Python start at index -1 when indexing a list from the end?

How can I fade player character when he goes inside or outside of the area?

What is the musical term for a note that continously plays through a melody?

When -s is used with third person singular. What's its use in this context?

Why are there no cargo aircraft with "flying wing" design?

Using et al. for a last / senior author rather than for a first author

Gastric acid as a weapon

Super Attribute Position on Product Page Magento 1



Magento NGINX allow IP/deny all for downloader folder



Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Magento Admin Nginx 404Magento 2 how to configure Nginx to allow execute other php files in root folderMagento completely broken: Call to a member function getCode() on boolean & There was no 404 CMS page configured or foundToo many redirects mobile version onlyProducts not found: multi-storeview in subdirectoriesCache Control for magento & Nginx advice500 Internal Server Error nginx/1.12.0 on checkout page after Migration from Apache to NginxNew install on EC2 rewrite issuesNginx auth off whole folderStatic Content 404 with Magento 2 and Nginx



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25

















3















I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25













3












3








3








I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx




magento-1.9 nginx






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Apr 28 '16 at 15:48









ChrisChris

509




509





bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.














  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25

















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25
















do you see your ip address in access log?

– MagenX
May 3 '16 at 15:25





do you see your ip address in access log?

– MagenX
May 3 '16 at 15:25










1 Answer
1






active

oldest

votes


















0














I know this i an old post, but we block access to magmi like this:



 location ~* ^/(index.php/)?magmi {

 include includes/admin-ips;

 deny all;


With admin-ips being a text file with a list of ipaddress eg:



allow **.***.**.**/32;





share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "479"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f113163%2fmagento-nginx-allow-ip-deny-all-for-downloader-folder%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I know this i an old post, but we block access to magmi like this:



     location ~* ^/(index.php/)?magmi {

     include includes/admin-ips;

     deny all;


    With admin-ips being a text file with a list of ipaddress eg:



    allow **.***.**.**/32;





    share|improve this answer



























      0














      I know this i an old post, but we block access to magmi like this:



       location ~* ^/(index.php/)?magmi {

       include includes/admin-ips;

       deny all;


      With admin-ips being a text file with a list of ipaddress eg:



      allow **.***.**.**/32;





      share|improve this answer

























        0












        0








        0







        I know this i an old post, but we block access to magmi like this:



         location ~* ^/(index.php/)?magmi {

         include includes/admin-ips;

         deny all;


        With admin-ips being a text file with a list of ipaddress eg:



        allow **.***.**.**/32;





        share|improve this answer













        I know this i an old post, but we block access to magmi like this:



         location ~* ^/(index.php/)?magmi {

         include includes/admin-ips;

         deny all;


        With admin-ips being a text file with a list of ipaddress eg:



        allow **.***.**.**/32;






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 8 '17 at 16:20









        PaddyDPaddyD

        104114




        104114



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Magento Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f113163%2fmagento-nginx-allow-ip-deny-all-for-downloader-folder%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Magento 2 duplicate PHPSESSID cookie when using session_start() in custom php scriptMagento 2: User cant logged in into to account page, no error showing!Magento duplicate on subdomainGrabbing storeview from cookie (after using language selector)How do I run php custom script on magento2Magento 2: Include PHP script in headerSession lock after using Cm_RedisSessionscript php to update stockMagento set cookie popupMagento 2 session id cookie - where to find it?How to import Configurable product from csv with custom attributes using php scriptMagento 2 run custom PHP script

            Image
            In the late 1940’s to early 1950’s what technology was available that could melt a LOT of ice? "One can do his homework in the library" Setting correct UTM zone Time travel short story where dinosaur doesn't taste like chicken Do Bugbears' arms literally get longer when it's their turn? Offered promotion but I'm leaving. Should I tell? Subset counting for even numbers The difference between 時 and 時は String reversal in Python Good allowance savings plan? Do f-stop and exposure time perfectly cancel? What are some noteworthy "mic-drop" moments in math? They call me Inspector Morse Do I really need to have a scientific explanation for my premise? Make a transparent 448*448 image Could a cubesat propel itself to Mars? What is the chance of making a successful appeal to dismissal decision from a PhD program after failing the qualifying exam in the 2nd attempt? Could a cubesat be propelled to the moon? the return of Stri
            Read more

            Can not update quote_id field of “quote_item” table magento 2Magento 2.1 - We can't remove the item. (Shopping Cart doesnt allow us to remove items before becomes empty)Add value for custom quote item attribute using REST apiREST API endpoint v1/carts/cartId/items always returns error messageCorrect way to save entries to databaseHow to remove all associated quote objects of a customer completelyMagento 2 - Save value from custom input field to quote_itemGet quote_item data using quote id and product id filter in Magento 2How to set additional data to quote_item table from controller in Magento 2?What is the purpose of additional_data column in quote_item table in magento2Set Custom Price to Quote item magento2 from controller

            Image
            iPad being using in wall mount battery swollen Should I cover my bicycle overnight while bikepacking? Do UK voters know if their MP will be the Speaker of the House? Why can't we play rap on piano? Plagiarism or not? Why didn't Miles's spider sense work before? How to tell a function to use the default argument values? Short story with a alien planet, government officials must wear exploding medallions If human space travel is limited by the G force vulnerability, is there a way to counter G forces? What about the virus in 12 Monkeys? Is it acceptable for a professor to tell male students to not think that they are smarter than female students? Avoiding the "not like other girls" trope? Apex Framework / library for consuming REST services Is there an expression that means doing something right before you will need it rather than doing it in case you might need it? Method Does Not Exist error message How to show a landlord what we have
            Read more

            How to solve knockout JS error in Magento 2 Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?(Magento2) knockout.js:3012 Uncaught ReferenceError: Unable to process bindingUnable to process binding Knockout.js magento 2Cannot read property `scopeLabel` of undefined on Product Detail PageCan't get Customer Data on frontend in Magento 2Magento2 Order Summary - unable to process bindingKO templates are not loading in Magento 2.1 applicationgetting knockout js error magento 2Product grid not load -— Unable to process binding Knockout.js magento 2Product form not loaded in magento2Uncaught ReferenceError: Unable to process binding “if: function()return (isShowLegend()) ” magento 2

            Image
            Does the Pact of the Blade warlock feature allow me to customize the properties of the pact weapon I create? Why isn't everyone flabbergasted about Bran's "gift"? Paektu / Changbai border dispute — why does the BBC shade a large area around the mountain? Is it OK if I do not take the receipt in Germany? How to ask rejected full-time candidates to apply to teach individual courses? /bin/ls sorts differently than just ls What *exactly* is electrical current, voltage, and resistance? Coin Game with infinite paradox Diffie-Hellman with non-prime modulus Example of a central simple algebra Etymology of 見舞い Lights are flickering on and off after accidentally bumping into light switch A journey... into the MIND How to calculate density of unknown planet? How to produce a PS1 prompt in bash or ksh93 similar to tcsh What's the connection between Mr. Nancy and fried chicken? How can I delete rows in the text? How is it possible to implement
            Read more