Created
September 18, 2018 15:35
-
-
Save deoren/6850af94baa66d945dffba248aac8740 to your computer and use it in GitHub Desktop.
Nginx snippet for blocking directory listings for clients from a private WiFi subnet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| listen 8080; | |
| server_name software.example.com; | |
| root /mnt/data/software/packages; | |
| autoindex on; | |
| # Only allow "trusted" networks | |
| include trusted_acl.inc.conf; | |
| # and package retrievals via WiFi clients who know the exact full | |
| # URL path (no browsing site contents) | |
| allow 172.17.0.0/16; | |
| deny all; | |
| # Rules for favicon.ico, robots.txt, etc. | |
| include shared_content.inc.conf; | |
| # Detect requests for listing directory contents and check remote address. | |
| # If an WiFi address is detected then refuse to show the autoindexed | |
| # listing of contents. | |
| location ~ /$ { | |
| if ($remote_addr ~ "^172") { | |
| # Block WiFi clients from browsing directory contents | |
| return 401; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As of the time this Gist entry was created, GitHub does not support notifications for comments for mentions to Gist entries (see isaacs/github#21 for details). Please contact me via Twitter or file an issue in the deoren/leave-feedback repo (created for that very purpose) if you wish to receive a response for your feedback. Thank you in advance!