Magento NGINX allow IP/deny all for downloader folder Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?Magento Admin Nginx 404Magento 2 how to configure Nginx to allow execute other php files in root folderMagento completely broken: Call to a member function getCode() on boolean & There was no 404 CMS page configured or foundToo many redirects mobile version onlyProducts not found: multi-storeview in subdirectoriesCache Control for magento & Nginx advice500 Internal Server Error nginx/1.12.0 on checkout page after Migration from Apache to NginxNew install on EC2 rewrite issuesNginx auth off whole folderStatic Content 404 with Magento 2 and Nginx

Is 1 ppb equal to 1 μg/kg?

Right-skewed distribution with mean equals to mode?

Why did the IBM 650 use bi-quinary?

Is the address of a local variable a constexpr?

Storing hydrofluoric acid before the invention of plastics

When to stop saving and start investing?

What do you call a phrase that's not an idiom yet?

What would be the ideal power source for a cybernetic eye?

What LEGO pieces have "real-world" functionality?

Diagram with tikz

Proof involving the spectral radius and the Jordan canonical form

Bonus calculation: Am I making a mountain out of a molehill?

If a contract sometimes uses the wrong name, is it still valid?

Is there any avatar supposed to be born between the death of Krishna and the birth of Kalki?

How do I mention the quality of my school without bragging

Why is "Captain Marvel" translated as male in Portugal?

Why does Python start at index -1 when indexing a list from the end?

How can I fade player character when he goes inside or outside of the area?

What is the musical term for a note that continously plays through a melody?

When -s is used with third person singular. What's its use in this context?

Why are there no cargo aircraft with "flying wing" design?

Using et al. for a last / senior author rather than for a first author

Gastric acid as a weapon

Super Attribute Position on Product Page Magento 1



Magento NGINX allow IP/deny all for downloader folder



Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
Announcing the arrival of Valued Associate #679: Cesar Manara
Unicorn Meta Zoo #1: Why another podcast?Magento Admin Nginx 404Magento 2 how to configure Nginx to allow execute other php files in root folderMagento completely broken: Call to a member function getCode() on boolean & There was no 404 CMS page configured or foundToo many redirects mobile version onlyProducts not found: multi-storeview in subdirectoriesCache Control for magento & Nginx advice500 Internal Server Error nginx/1.12.0 on checkout page after Migration from Apache to NginxNew install on EC2 rewrite issuesNginx auth off whole folderStatic Content 404 with Magento 2 and Nginx



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25

















3















I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25













3












3








3








I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx







share|improve this question














I'm having a problem allowing my IP address access to the downloader folder when using nginx to deny all other IP's. Any ideas where I'm going wrong with the below? I've tried with my IPv4 and IPv6 address, neither works and results in a 403 forbidden.
(Domain and IP I've replaced for security)



 server 
 listen 80 default;

 root /var/www/mywebsiteaddress.co.uk/httpdocs;
 server_name mywebsiteaddress.co.uk;

 location / 
 index index.html index.php;
 # First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ @handler;
 

 ## These locations would be hidden by .htaccess normally
 location ^~ /app/ deny all; 
 location ^~ /includes/ deny all; 
 location ^~ /lib/ deny all; 
 location ^~ /media/downloadable/ deny all; 
 location ^~ /pkginfo/ deny all; 
 location ^~ /report/config.xml deny all; 
 location ^~ /var/ deny all; 
 location ^~ /downloader/ allow 123.456.789.0; deny all; 


 location /var/export/ ## Allow admins only to view export folder
 auth_basic "Restricted"; ## Message shown in login window
 auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
 autoindex on;
 

 location /. ## Disable .htaccess and other hidden files
 return 404;
 

 location @handler ## Magento uses a common front handler
 rewrite / /index.php;
 

 location ~ .php/ ## Forward paths like /js/index.php/x.js to relevant handler
 rewrite ^(.*.php)/ $1 last;
 

 location ~ .php$ 
 if (!-e $request_filename) rewrite / /index.php last; ## Catch 404s that try_files miss

 expires off; ## Do not cache dynamic content
 fastcgi_pass unix:/var/run/php5-fpm.sock;
 fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 fastcgi_param MAGE_RUN_CODE default; ## Store code is defined in administration > Configuration > Manage Stores
 fastcgi_param MAGE_RUN_TYPE store;
 include fastcgi_params;






magento-1.9 nginx




magento-1.9 nginx






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Apr 28 '16 at 15:48









ChrisChris

509




509





bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.







bumped to the homepage by Community 21 mins ago


This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.














  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25

















  • do you see your ip address in access log?

    – MagenX
    May 3 '16 at 15:25
















do you see your ip address in access log?

– MagenX
May 3 '16 at 15:25





do you see your ip address in access log?

– MagenX
May 3 '16 at 15:25










1 Answer
1






active

oldest

votes


















0














I know this i an old post, but we block access to magmi like this:



 location ~* ^/(index.php/)?magmi {

 include includes/admin-ips;

 deny all;


With admin-ips being a text file with a list of ipaddress eg:



allow **.***.**.**/32;





share|improve this answer























    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "479"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f113163%2fmagento-nginx-allow-ip-deny-all-for-downloader-folder%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I know this i an old post, but we block access to magmi like this:



     location ~* ^/(index.php/)?magmi {

     include includes/admin-ips;

     deny all;


    With admin-ips being a text file with a list of ipaddress eg:



    allow **.***.**.**/32;





    share|improve this answer



























      0














      I know this i an old post, but we block access to magmi like this:



       location ~* ^/(index.php/)?magmi {

       include includes/admin-ips;

       deny all;


      With admin-ips being a text file with a list of ipaddress eg:



      allow **.***.**.**/32;





      share|improve this answer

























        0












        0








        0







        I know this i an old post, but we block access to magmi like this:



         location ~* ^/(index.php/)?magmi {

         include includes/admin-ips;

         deny all;


        With admin-ips being a text file with a list of ipaddress eg:



        allow **.***.**.**/32;





        share|improve this answer













        I know this i an old post, but we block access to magmi like this:



         location ~* ^/(index.php/)?magmi {

         include includes/admin-ips;

         deny all;


        With admin-ips being a text file with a list of ipaddress eg:



        allow **.***.**.**/32;






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Mar 8 '17 at 16:20









        PaddyDPaddyD

        104114




        104114



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Magento Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmagento.stackexchange.com%2fquestions%2f113163%2fmagento-nginx-allow-ip-deny-all-for-downloader-folder%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Can not update quote_id field of “quote_item” table magento 2Magento 2.1 - We can't remove the item. (Shopping Cart doesnt allow us to remove items before becomes empty)Add value for custom quote item attribute using REST apiREST API endpoint v1/carts/cartId/items always returns error messageCorrect way to save entries to databaseHow to remove all associated quote objects of a customer completelyMagento 2 - Save value from custom input field to quote_itemGet quote_item data using quote id and product id filter in Magento 2How to set additional data to quote_item table from controller in Magento 2?What is the purpose of additional_data column in quote_item table in magento2Set Custom Price to Quote item magento2 from controller

            Image
            iPad being using in wall mount battery swollen Should I cover my bicycle overnight while bikepacking? Do UK voters know if their MP will be the Speaker of the House? Why can't we play rap on piano? Plagiarism or not? Why didn't Miles's spider sense work before? How to tell a function to use the default argument values? Short story with a alien planet, government officials must wear exploding medallions If human space travel is limited by the G force vulnerability, is there a way to counter G forces? What about the virus in 12 Monkeys? Is it acceptable for a professor to tell male students to not think that they are smarter than female students? Avoiding the "not like other girls" trope? Apex Framework / library for consuming REST services Is there an expression that means doing something right before you will need it rather than doing it in case you might need it? Method Does Not Exist error message How to show a landlord what we have...
            Read more

            Nissan Patrol Зміст Перше покоління — 4W60 (1951-1960) | Друге покоління — 60 series (1960-1980) | Третє покоління (1980–2002) | Четверте покоління — Y60 (1987–1998) | П'яте покоління — Y61 (1997–2013) | Шосте покоління — Y62 (2010- ) | Посилання | Зноски | Навігаційне менюОфіційний український сайтТест-драйв Nissan Patrol 2010 7-го поколінняNissan PatrolКак мы тестировали Nissan Patrol 2016рвиправивши або дописавши її

            Image
            Автомобілі:ПозашляховикиАвтомобілі Nissan укр.автомобільNissanпозашляховиків195119601988двигун1951повнопривідникомамериканськийWillysарміїкузовомпікапиPerkins1987ЯпоніїІспанії2000дизельним ...
            Read more

            Перекидне табло Зміст Переваги | Недоліки | Будова | Посилання | Навігаційне менюПерекидне таблоU.S. Patent 3 220 174U.S. Patent 3 501 761Split-flap-display

            Image
            Технології дисплеїв англ.циліндріосі Фрагмент перекидного табло головного вокзалу у Франкфурті-на Майні. Посередині літер видно кільцеві частини тримачів карто...
            Read more