Project

General

Profile

Mod access » History » Revision 26

Revision 25 (gstrauss, 2021-03-18 16:29) → Revision 26/28 (gstrauss, 2021-03-18 17:12)

h1. Module mod_access 

 {{>toc}} 

 h2. Description 

 The access module is used to deny access to files. 

 h2. Options 

 *url.access-allow* 
 Allow access only to files with any of given trailing path names. (since 1.4.40) 
 Default value:empty 

 *url.access-deny* 
 Denies access to all files with any of given trailing path names.  
 Default value:empty 

 h2. Usage examples 

 *url.access-allow* 
 <pre> 
     url.access-allow = ( ".jpg", ".gif") 
 </pre> 

 You might want to deny access to all files ending with a tilde (~) or .inc because of:     

 # Text editors often use a trailing tilde for backup files. 
 # And the .inc extension is often used for include files with code. 

 *url.access-deny* 
 <pre> 
     url.access-deny = ( "~", ".inc") 
 </pre> 

 *Directory deny access* 
 An empty string in @url.access-deny@ matches all requests 
 <pre> 
     $HTTP["url"] =~ "^/libraries" { 
         url.access-deny = ("") 
     } 
 </pre> 

 Note: Creating a very, very large list of conditions is inefficient.    If creating conditions from a list, consider batching them with regex alternations into many fewer conditions, each with a large regex.    See #3074 

 *Deny bots* if User-Agent matches robots.txt 
 Sample one-liner to generate config: 
 @curl -s https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/master/robots.txt/robots.txt | perl -e 'while (<>) { /User-agent:\s*(.+)/ && push @x, quotemeta($1); } print "\$HTTP[\"user-agent\"] =~ \"\b(?i:", \"(?i:", join("|",@x), ")\b\" ")\" { url.access-deny = (\"\") }\n"'@