From 2a9ac4b2cc8bf37a5f220e38ade6c4a403843b65 Mon Sep 17 00:00:00 2001
From: Mitesh Shah <Mitesh.Shah@rtcamp.com>
Date: Mon, 6 Jan 2014 18:47:43 +0530
Subject: [PATCH] Protect Locations Using HTTP AUTH OR IP-Based Authentication

---
 etc/nginx/common/acl.conf        |  9 ++++-----
 etc/nginx/common/allowed_ip.conf |  3 ---
 etc/nginx/common/locations.conf  | 15 +++------------
 3 files changed, 7 insertions(+), 20 deletions(-)
 delete mode 100644 etc/nginx/common/allowed_ip.conf

diff --git a/etc/nginx/common/acl.conf b/etc/nginx/common/acl.conf
index 25406ac0..2cc9f84f 100644
--- a/etc/nginx/common/acl.conf
+++ b/etc/nginx/common/acl.conf
@@ -1,9 +1,8 @@
+# Protect Locations Using HTTP AUTH OR IP-Based Authentication
 satisfy any;
 auth_basic "Restricted Area";
 auth_basic_user_file  htpasswd-ee;
-        
-## Allowd IP Address List
-# allow 127.0.0.1;
 
-# uncomment following to turn on IP-based restriction
-# deny all; 
+# Allowed IP Address List
+allow 127.0.0.1;
+deny all;
diff --git a/etc/nginx/common/allowed_ip.conf b/etc/nginx/common/allowed_ip.conf
deleted file mode 100644
index 087c9bae..00000000
--- a/etc/nginx/common/allowed_ip.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Allowd IP Address
-allow 127.0.0.1;
-deny all;
\ No newline at end of file
diff --git a/etc/nginx/common/locations.conf b/etc/nginx/common/locations.conf
index e6506394..81e6fc96 100644
--- a/etc/nginx/common/locations.conf
+++ b/etc/nginx/common/locations.conf
@@ -25,10 +25,7 @@ location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gi
 location /ee/ {
 	autoindex on;
 	alias /var/www/shared/;
-	satisfy any;
-	auth_basic "Restricted Area";
-	auth_basic_user_file  htpasswd-ee;
-	include common/allowed_ip.conf;
+	include common/acl.conf;
 	index index.php index.html index.htm;
 
 		location ~ ^/ee(.+\.php)$ {
@@ -60,19 +57,13 @@ location /phpmyadmin {
 location /nginx_status {
 	stub_status on;
 	access_log   off;
-	satisfy any;
-	auth_basic "Restricted Area";
-	auth_basic_user_file  htpasswd-ee;
-	include common/allowed_ip.conf;
+	include common/acl.conf;
 }
 
 location ~ ^/(status|ping) {
 	include fastcgi_params;
 	fastcgi_pass php;
-	satisfy any;
-	auth_basic "Restricted Area";
-	auth_basic_user_file  htpasswd-ee;
-	include common/allowed_ip.conf;
+	include common/acl.conf;
 }