starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 09:25:55 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #4705] Access Lists on custom location paths #2989

New issue
Open
opened 2026-02-26 07:37:30 +03:00 by kerem · 6 comments
kerem commented 2026-02-26 07:37:30 +03:00
Owner
Copy link

Originally created by @Bahama03 on GitHub (Aug 11, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4705

Hello,

While implementing Proxy Manager and migrating from Apache Reversed Proxy (which are all configuration files built and referred to in sites files) I came across the following configuration I use and miss in Nginx Proxy Manager;

Most of the websites are public, while others have the need to use basic HTTP Auth or an access list. This is already possible on a domain and works like a charm.
Now there are some websites which are public, but some subdirectories or subfiles on a website should be protected by auth or acl. Simple example: Wordpress websites should be public, but the wp-admin and/or wp-login.php sub url should be restricted by IP. In Apache I named a separate location and defined the allowed IP ACL.
In proxy manager this is not yet possible, since I can't define a proxy host (e.g. example.com/wp-admin), I can only define domain names (e.g. domain.com (without something after the /)). I can define custom locations for various paths but it is not possible to define a ACL for the specific path.
I am not a programmer, but I would very much like to have the option to be able to select a ACL list on a custom location (subdirectory).

Does anyone have any input?
Thanks

Regards,
Thomas

Originally created by @Bahama03 on GitHub (Aug 11, 2025). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4705 Hello, While implementing Proxy Manager and migrating from Apache Reversed Proxy (which are all configuration files built and referred to in sites files) I came across the following configuration I use and miss in Nginx Proxy Manager; Most of the websites are public, while others have the need to use basic HTTP Auth or an access list. This is already possible on a domain and works like a charm. Now there are some websites which are public, but some subdirectories or subfiles on a website should be protected by auth or acl. Simple example: Wordpress websites should be public, but the wp-admin and/or wp-login.php sub url should be restricted by IP. In Apache I named a separate location and defined the allowed IP ACL. In proxy manager this is not yet possible, since I can't define a proxy host (e.g. example.com/wp-admin), I can only define domain names (e.g. domain.com (without something after the /)). I can define custom locations for various paths but it is not possible to define a ACL for the specific path. I am not a programmer, but I would very much like to have the option to be able to select a ACL list on a custom location (subdirectory). Does anyone have any input? Thanks Regards, Thomas
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@aerickt commented on GitHub (Aug 17, 2025):

I currently add a custom location and specify whatever access control I need. Here's an example:

Image

However, I don't like this approach. I would much prefer the ability to use access lists on subdirectories. as @Bahama03 describes.

<!-- gh-comment-id:3194738295 --> @aerickt commented on GitHub (Aug 17, 2025): I currently add a custom location and specify whatever access control I need. Here's an example: <img width="609" height="817" alt="Image" src="https://github.com/user-attachments/assets/69255177-eef7-40fa-9f32-5c976ed74bd7" /> However, I don't like this approach. I would much prefer the ability to use access lists on subdirectories. as @Bahama03 describes.
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@fvultee commented on GitHub (Aug 19, 2025):

I currently add a custom location and specify whatever access control I need. Here's an example:
Image

However, I don't like this approach. I would much prefer the ability to use access lists on subdirectories. as @Bahama03 describes.

How are you seeing the window at the bottom of the custom locations tab where you can enter allow/deny rules? I'm on the most current version of NPM and I don't have that field?

Image
<!-- gh-comment-id:3201947709 --> @fvultee commented on GitHub (Aug 19, 2025): > I currently add a custom location and specify whatever access control I need. Here's an example: > <img alt="Image" width="609" height="817" src="https://private-user-images.githubusercontent.com/52895314/478815192-69255177-eef7-40fa-9f32-5c976ed74bd7.png?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3NTU2MzE2MjQsIm5iZiI6MTc1NTYzMTMyNCwicGF0aCI6Ii81Mjg5NTMxNC80Nzg4MTUxOTItNjkyNTUxNzctZWVmNy00MGZhLTlmMzItNWM5NzZlZDc0YmQ3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNTA4MTklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjUwODE5VDE5MjIwNFomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTkxMTU1ODRmM2MzNzMzZTcxMWVhYjE5Mjc4ZjJjMjY0YTJhOGM2ZmFkMGJlMWE4MmE0NmUzMThlZWRlZTAwNzQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0In0.81JPeiGCf41V5TxusGdDxop4yRjRsfToIuGyUejtU_A"> > > However, I don't like this approach. I would much prefer the ability to use access lists on subdirectories. as [@Bahama03](https://github.com/Bahama03) describes. How are you seeing the window at the bottom of the custom locations tab where you can enter allow/deny rules? I'm on the most current version of NPM and I don't have that field? <img width="636" height="731" alt="Image" src="https://github.com/user-attachments/assets/12b48d1a-e520-45f5-a5fd-1f609dd46817" />
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@aerickt commented on GitHub (Aug 20, 2025):

@fvultee Press the gear icon.

<!-- gh-comment-id:3203490841 --> @aerickt commented on GitHub (Aug 20, 2025): @fvultee Press the gear icon.
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@fvultee commented on GitHub (Aug 20, 2025):

@fvultee Press the gear icon.

Wow, I must have been tired, it's literally right in front of me...

<!-- gh-comment-id:3206433772 --> @fvultee commented on GitHub (Aug 20, 2025): > [@fvultee](https://github.com/fvultee) Press the gear icon. Wow, I must have been tired, it's literally right in front of me...
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@BenoitSafari commented on GitHub (Nov 10, 2025):

@fvultee Press the gear icon.

Wow, I must have been tired, it's literally right in front of me...

I had to do some research and came across this issue to see this icon as well. You’re not alone.

However, being able to use the access list from there would be a great addition.

<!-- gh-comment-id:3511766507 --> @BenoitSafari commented on GitHub (Nov 10, 2025): > > [@fvultee](https://github.com/fvultee) Press the gear icon. > > Wow, I must have been tired, it's literally right in front of me... I had to do some research and came across this issue to see this icon as well. You’re not alone. However, being able to use the access list from there would be a great addition.
kerem commented 2026-02-26 07:37:31 +03:00
Author
Owner
Copy link

@fvultee commented on GitHub (Nov 10, 2025):

@fvultee Press the gear icon.

Wow, I must have been tired, it's literally right in front of me...

I had to do some research and came across this issue to see this icon as well. You’re not alone.

However, being able to use the access list from there would be a great addition.

Well at least we can put the details of an ACL under the icon and get the same effect, but you're right it would nice to just be able to select a predefined ACL.

<!-- gh-comment-id:3512741256 --> @fvultee commented on GitHub (Nov 10, 2025): > > > [@fvultee](https://github.com/fvultee) Press the gear icon. > > > > > > Wow, I must have been tired, it's literally right in front of me... > > I had to do some research and came across this issue to see this icon as well. You’re not alone. > > However, being able to use the access list from there would be a great addition. Well at least we can put the details of an ACL under the icon and get the same effect, but you're right it would nice to just be able to select a predefined ACL.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#2989
No description provided.