Info for deny some locations ( nginx )

Pietro Leone

• February 14, 2025 13:33
• Edited

Hello,

I want to globally deny some location on nginx.Currently i made it in apache conf ( i use nginx as proxy ) but now i want to change it and put on nginx.

[user@host conf.d]# pwd
/etc/nginx/conf.d
[user@host conf.d]# cat block.conf
location = /xmlrpc.php {
    deny all;
}
[user@host conf.d]# nginx -t
nginx: [emerg] "location" directive is not allowed here in /etc/nginx/conf.d/block.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed

reading documentation i understand i can't modify directly nginx.conf.

any help please?

thanks

 

• 

  manoj bajpai

  • February 14, 2025 18:49

  You're right—Nginx does not allow location directives inside conf.d/*.conf files unless they are inside a server block. Since you are using Nginx as a proxy, you need to modify the appropriate server block.

  Solution

  Instead of placing your location directive directly in /etc/nginx/conf.d/block.conf, you should modify your existing Nginx server block configuration.

  Steps to Fix

  1. Edit the main Nginx configuration file or an existing site-specific config in /etc/nginx/conf.d/

     • Open the default or virtual host configuration file where the server block is defined.
     • Typically, this is found in /etc/nginx/conf.d/default.conf or /etc/nginx/nginx.conf.

  2. Modify the configuration file

     • Add the location block inside the server block.

     server {
         listen 80;
         server_name yourdomain.com;
     
         location = /xmlrpc.php {
             deny all;
         }
     
         # Other existing configurations
     }
     

  3. Save and test the configuration Run:

     nginx -t
     

     If there are no errors, restart Nginx:

     systemctl restart nginx
     

  Alternative (Using include Directive)

  If you want to keep the rule in a separate file (like block.conf), you need to modify your main Nginx configuration to include it inside a server block.

  1. Edit your main server block (e.g., /etc/nginx/conf.d/default.conf)

     server {
         listen 80;
         server_name yourdomain.com;
     
         include /etc/nginx/conf.d/block.conf;
     }
     

  2. Modify /etc/nginx/conf.d/block.conf to contain only the location directive:

     location = /xmlrpc.php {
         deny all;
     }
     

  3. Test and reload Nginx

     nginx -t && systemctl reload nginx
     

  Let me know if you need further clarification! 

  0
• 

  Pietro Leone

  • February 17, 2025 08:17

  Hello,

  thanks for your help.

  I am following your instruction . i have a default.conf in the folder.

  after editing this file it seems that the configuration has not changed. i am looking into verbose nginx -T command and i not found new location i add before...

  may be i need rebuild something ? thanks

  0
• 

  Pietro Leone

  • February 19, 2025 09:08

  i am stucked here...

  any help before i open ticket ? thanks

  0
• 

  cPRex Jurassic Moderator

  • February 19, 2025 17:07

  It would likely be best to open a ticket on this one so the system can be examined directly.

  0

Please sign in to leave a comment.