I would like to be able to whitelist certain IPs in my NGINX config file and deny everything else. This way I can be certain that only the IPs I allow can access my website.
I've already done this and it's working. In the /etc/nginx/sites-available/default file, I've added the following:
server {
allow ip address; #comment
allow ip address; #comment
deny all;
}
The problem that we've is we listen to Shopify webhook notifications to our web app to certain URLs and Shopify uses various IP addresses for this, 614 found so far and still counting. Whitelisting these many IP addresses without certainty that there will be no more is not looking like a solution. But if we can keep open the couple of URLs that Shopify sends notification to in our web app, that will solve our problem. This way, we don't have to worry about whitelisting IPs that Shopify uses to send webhook notification.
So what I am looking for is to keep these couple of URLs open to any IPs. Everything else except for the ip we whitelist and the URLs we choose to keep open will be blocked.
If this is not possible and there is alternative solution to this problem, please advise. Thank you.
Related
test.com DNS to cloudflare and I configured the www A record to point to google firebase. all good here.
I want to point any domain to www.test.com and render exactly the same content. what should I do to achieve this? do I need to create my own DNS in cloudflare and give it to domain admins so they can configure the domain? any pointers will help. thanks!
Providers like Firebase Hosting use the Host header name of the incoming request to determine which customer's content to serve. If other people change their DNS to point to www.test.com, the Host header will still be populated based on the domain they provided.
To make a website serve the same content regardless of domain, you need to either:
Host the content on a dedicated IP address such that the Host header doesn't matter (this is not possible with Firebase Hosting) or
Have all connecting domains proxy to www.test.com as opposed to directly setting DNS and include a Host header of www.test.com when they forward traffic.
In general services where you need to manually configure a custom domain (e.g. Firebase Hosting, Heroku, etc) are not going to support arbitrary other domains pointing to them without an additional layer in between.
So I have a domain(example.com), where I want the root url
example.com
to direct to my landing page's DNS that comes from its hosting provider and I want every other url
example.com/whatever-here
to direct to my main hosting provider, which is digital ocean with its DNS. I did it before, but with subdomains. The example.com part was directing to my landings and their hosts, while everything that started with the "app" subdomain (app.example.com) directed users to my main hosting. Now I want to do it without introduction of subdomains. Is it done somewhere on Nginx level? Or is it configured in my hosting providers' settings? Couldn't find the answer so far.
You can't.
The hostname indicates what server your browser is going to connect to. The requested path is then sent to that server, only after the browser has connected to it.
Just as #Brad said, it's impossible to directly host a domain name on two different DNS'es simultaneously. However, I managed to find two approaches that don't do what I wanted, but the end result is pretty much the same:
Host www.domain.com on one server and domain.com on another. Not all providers support it, so it's a not guaranteed-to-work solution. But it's still a solution.
Use Nginx's proxy-pass without redirect or a similar function of your webserver.
This way, you can have example.com actually load some-other-site.com without changing the browser url. I'll provide my Nginx configuration for reference:
location = / {
include proxy_params;
proxy_pass http://other-domain-or-ip.com/;
}
This is just the result I wanted and it makes me think that I fell victim to the X->Y problem here.
I'm trying to open with the question that I really want answered. I want the URL at which outside users can access a particular part of my application.
In my server's setup, we're using Nginx as a reverse proxy, so my app is confugured to be at port 9000. But I can't point users at this, because they can't access that port. Users can access port 8080. But this is part of my system configuration and could (I think) change. Also it does change from development to staging to production. So, I would like to avoid hard-coding this if possible.
So then my question, can I somehow, dynamically, tell the "outermost" port that an incoming request is received at? Possibly through passing a header down from Nginx? I'm thinking of X-Forwarded-For, except I want to know what URL the client contacted to reach me (the server), not what IP address the client is contacting the server from. Is this possible?
$server_port variable holds the port the client connected to.
Is it possible to access website through IP address with path to index file instead of domain name?
Example:
Domain: Youtube.com
IP address: 216.58.209.142
Trying to access the website through IP address won't work. I understand this is because there can be multiple websites on the same IP address and the settings which directory gets sent to the user is set in nginx/apache.
Is it possible to visit the said website through for example 216.58.209.142/youtube/path/to/directory/index.html ?
If this works then how would I be able to get the full URL path?
Just curious, I'm not trying to achieve anything particular.
In general it's not possible.
Server can block your request even if you provide a correct/existing path, allowing you to access the data only using a correct domain name.
Just replace the www.youtube.com with YouTube's IP. For example: 216.58.209.142/index.html (I don't know if YouTube has index.html, but if it did that's how you would access it)
I am making a WordPress theme that should be served to mobile users. So far I have been testing it in Chrome using User agent spoofing. Now I would like to try and access it from a real mobile device.
On my PC I access the site using a virtual host that aims a folder on my computer. How do I do this from my phone, where I can't edit hosts file?
I found this tutorial.
Regarding my httpd.conf file, I changed
Listen 80
to
Listen 192.168.xxx.xxx:8081
I also added to <Directory "cgi-bin">
Allow from all
The third thing I did was to open up port 8081.
Now, what I don't know is how to access my WordPress site from my phone, because when I type 192.168.xxx.xxx:8081 into the browser, I get Forbidden.
You can leave Listen 80 as is. Just find out the IP of your machine and type that into your phone. http://192.168.xxx.xxx
Make sure your local machine's firewalls are configured properly to accept these connections.
If you have multiple virtual hosts, you can either make sure the site you are looking to test is listed first, or you may also be able to set DNS entries into your router / gateway if you are lucky.