Hello,
we need to control what IPs have access to what endpoints implemented in Slim. This is our simplified Nginx setup:
location ^~ /api/v1/foo {
satisfy any;
allow FOO_IP;
# include allowed ips list
include allowed_ips.conf;
try_files $uri /public/index.php$is_args$args;
}
location / {
# include allowed ips list
include allowed_ips.conf;
try_files $uri /public/index.php$is_args$args;
# execute .php files
include php-slim.conf;
}
As you can see only people in the allowed_ips whitelist have access to slim. Additionally we would like to allow FOO_IP to reach the path /api/v1/foo. However, since the try_files directive in that location is:
try_files $uri /public/index.php$is_args$args;
The request will end up in the location /
block and thus we must add FOO_IP also there, effectively granting it access to all other endpoints.
What is the proper pattern for Slim + Nginx in this case ? Thanks a lot for any replies!
EDIT: the allowed_ips.conf file end with a deny all;