NGINX - To allow a specific User-Agent from one IP address only


Step 1: Define the Map Blocks

Add this configuration inside the http {} block of your /etc/nginx/nginx.conf file. This logic evaluates the incoming User-Agent and IP address to flag unauthorized requests.


http {
    # ... your existing http config ...

    # 1. Check if the User-Agent matches the restricted one
    map $http_user_agent $is_restricted_ua {
        default         0;
        "~*YourCustomUserAgent" 1; # Replace with your target User-Agent (regex matching)
    }

    # 2. Check if the client IP is NOT the authorized one
    map $remote_addr $is_unauthorized_ip {
        default        1;
        "192.168.1.50" 0; # Replace with your ONLY allowed IP address
    }

    # 3. Combine both conditions: Flag if it's the target UA AND an unauthorized IP
    map "$is_restricted_ua$is_unauthorized_ip" $block_request {
        default   0;
        "11"      1; # 1 (Restricted UA) + 1 (Unauthorized IP) = Block
    }
}



Step 2: Apply the Block Rule

Open your website's specific server configuration file (e.g., inside /etc/nginx/sites-available/) and use the combined variable to reject requests with a 403 Forbidden error.

server {
    listen 80;
    server_name yourdomain.com;

    # Place this rule globally inside the server block or inside a specific location block
    if ($block_request) {
        return 403;
    }

    location / {
        # ... your standard site configuration ...
    }
}
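A variant of the two steps above, added here as an example and not part of the original post: it swaps the $remote_addr map for a geo block, which also accepts CIDR ranges and IPv6 addresses, and writes rejected requests to their own log. It replaces the Step 1 maps rather than sitting beside them; the IPv6 address, the log paths and the format name ua_block are constructed placeholders.

```nginx
# Inside http {}. Example values only: replace addresses, paths and names.

# Same User-Agent test as Step 1 (case-insensitive regex).
map $http_user_agent $is_restricted_ua {
    default                 0;
    "~*YourCustomUserAgent" 1;
}

# geo matches the client address ($remote_addr by default) against
# single addresses and CIDR ranges, so the one allowed host can be
# listed in both its IPv4 and IPv6 form.
geo $is_unauthorized_ip {
    default         1;
    192.168.1.50    0;   # allowed IPv4 host, as in Step 1
    2001:db8::50    0;   # constructed IPv6 address of the same host
}

# Block only when both flags are set.
map "$is_restricted_ua$is_unauthorized_ip" $block_request {
    default 0;
    "11"    1;
}

# Compact format for the rejected-request log.
log_format ua_block '$remote_addr [$time_local] "$request" '
                    '$status "$http_user_agent"';

server {
    listen 80;
    server_name yourdomain.com;

    # Rejected requests are also written to a separate file for review.
    access_log /var/log/nginx/ua_block.log ua_block if=$block_request;
    access_log /var/log/nginx/access.log;

    if ($block_request) {
        return 403;
    }

    location / {
        # ... your standard site configuration ...
    }
}
```

Run nginx -t before reloading. If NGINX sits behind a load balancer or reverse proxy, $remote_addr is that proxy's address, so the allow entry only works when NGINX sees the real client address.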

TLS/SSL certificate CSR

 
# CSR
openssl req -new -newkey rsa:4096 -keyout domain.key -out domain.csr


# Remove key password
openssl rsa -in encrypted.key -out decrypted.key


chain = crt + intermediate

Certificate - PEM to PKCS12

 

Convert Let's Encrypt PEM to Tomcat PKCS12

openssl pkcs12 -export \
  -in fullchain.pem \
  -inkey privkey.pem \
  -out server.p12 \
  -name my-domain-alias

Add nginx repository Ubuntu



# 1. Download the NGINX signing key
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null


# 2. Add the NGINX Repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list


# 3. Pin packages from nginx.org above the distribution's own packages
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900" | sudo tee /etc/apt/preferences.d/99nginx

 
