This is pretty standard nginx config, but it's also obtuse (I think) and I'm happy to provide my understanding if desired. I went with the geo approach because allow and deny directives weren't working and I didn't see why.
You should get a 400 status (bad request) for GETs, and a 403 (forbidden) if you make a POST request from outside of the allowed IP ranges. Missing or incorrect basic auth gets you a 401. So:
From a shell on the app:
curl -i http://127.0.0.1:8080 -> 400 Bad Request
curl -iX POST http://127.0.0.1:8080 -> 401 Authorization Required
curl -iX POST http://[your-username]:[your-password]@127.0.0.1:8080 -> 201 Created
From outside:
curl -i https://[your-logshipper-route].cloud.gov -> 403 Forbidden
curl -iX POST https://[your-logshipper-route].cloud.gov -> 403 Forbidden *
I didn't know whether the Basic Auth or IP restriction would take precedence here; looks like it's IP restriction.
This is pretty standard nginx config, but it's also obtuse (I think) and I'm happy to provide my understanding if desired. I went with the
geo
approach becauseallow
anddeny
directives weren't working and I didn't see why.You should get a 400 status (bad request) for GETs, and a 403 (forbidden) if you make a POST request from outside of the allowed IP ranges. Missing or incorrect basic auth gets you a 401. So:
From a shell on the app:
curl -i http://127.0.0.1:8080
-> 400 Bad Requestcurl -iX POST http://127.0.0.1:8080
-> 401 Authorization Requiredcurl -iX POST http://[your-username]:[your-password]@127.0.0.1:8080
-> 201 CreatedFrom outside:
curl -i https://[your-logshipper-route].cloud.gov
-> 403 Forbiddencurl -iX POST https://[your-logshipper-route].cloud.gov
-> 403 Forbidden *