[GH-ISSUE #743] The access list doesn't work if you use custom locations. #629

New issue

Closed

opened 2026-02-26 06:33:44 +03:00 by kerem · 9 comments

kerem commented 2026-02-26 06:33:44 +03:00

Owner

Copy link

Originally created by @fischdenflo on GitHub (Nov 28, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/743

Unfortunately the access list doesn't work if you use it like that.

Originally posted by @fischdenflo in https://github.com/jc21/nginx-proxy-manager/issues/104#issuecomment-735018126

Originally created by @fischdenflo on GitHub (Nov 28, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/743 Unfortunately the access list doesn't work if you use it like that. _Originally posted by @fischdenflo in https://github.com/jc21/nginx-proxy-manager/issues/104#issuecomment-735018126_

kerem closed this issue 2026-02-26 06:33:44 +03:00

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@mochman commented on GitHub (Dec 3, 2020):

For a workaround, you can just add your access criteria to the custom location settings. It has to be updated though, if you change the access list criteria.

<!-- gh-comment-id:738250904 --> @mochman commented on GitHub (Dec 3, 2020): For a workaround, you can just add your access criteria to the custom location settings. It has to be updated though, if you change the access list criteria.

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@fischdenflo commented on GitHub (Dec 3, 2020):

Is it possible to give me an example? 🙈 But many thanks 🙏

<!-- gh-comment-id:738255964 --> @fischdenflo commented on GitHub (Dec 3, 2020): Is it possible to give me an example? 🙈 But many thanks 🙏

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@mochman commented on GitHub (Dec 4, 2020):

Sure. This example only allows local IPs from 192.168.0.0 - 192.168.255.255 to have access.

    # Access Rules
    allow 192.168.0.0/16;
    deny all;

    # Access checks must...
    satisfy all;

The way I got this was to make a fake proxy host with an access list I wanted to use. Then I went into my ./data/nginx/proxy_host/ folder on my server. There you will see a bunch of numbered .conf files. Open the highest numbered one (the one just created). In the

location / {

section of that file, you should see a set of access rules that were made. Just copy those into your actual custom locations.

<!-- gh-comment-id:738570672 --> @mochman commented on GitHub (Dec 4, 2020): Sure. This example only allows local IPs from 192.168.0.0 - 192.168.255.255 to have access. ``` # Access Rules allow 192.168.0.0/16; deny all; # Access checks must... satisfy all; ``` The way I got this was to make a fake proxy host with an access list I wanted to use. Then I went into my `./data/nginx/proxy_host/` folder on my server. There you will see a bunch of numbered .conf files. Open the highest numbered one (the one just created). In the ``` location / { ``` section of that file, you should see a set of access rules that were made. Just copy those into your actual custom locations.

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@fischdenflo commented on GitHub (Dec 4, 2020):

Ok I will test ist. Many Thanks 🙏

<!-- gh-comment-id:738720123 --> @fischdenflo commented on GitHub (Dec 4, 2020): Ok I will test ist. Many Thanks 🙏

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@derekoharrow commented on GitHub (Dec 14, 2020):

I'm seeing the same behaviour - access lists seem to be ineffective if you have custom locations specified. This is quite a critical feature to be missing.

How can you setup user basic authentication with custom locations?

<!-- gh-comment-id:744572036 --> @derekoharrow commented on GitHub (Dec 14, 2020): I'm seeing the same behaviour - access lists seem to be ineffective if you have custom locations specified. This is quite a critical feature to be missing. How can you setup user basic authentication with custom locations?

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@mjeschar commented on GitHub (Jan 19, 2021):

Same issue here, 90% of my domains are using custom locations. I really need the working basic auth. for those services. Any chance to implement it? I really like the GUI!

<!-- gh-comment-id:763148973 --> @mjeschar commented on GitHub (Jan 19, 2021): Same issue here, 90% of my domains are using custom locations. I really need the working basic auth. for those services. Any chance to implement it? I really like the GUI!

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@l4rm4nd commented on GitHub (Mar 26, 2021):

Custom locations will break any access lists. Further, the HTTP/2 SSL option can also break access lists.

If you need to have custom locations, proceed as explained by @mochman. Configure your access rules specifically for each custom location entry.

For basic auth:

# Authorization, specify the correct access list id, example id is 1
auth_basic        "Authorization required";
auth_basic_user_file        /data/access/1;

For IP restrictions:

# Access Rules
satisfy all;
allow 192.168.0.0/16;
allow 10.0.0.0/8;
allow 172.16.0.0/12;
deny all;

You can combine both. Remember, if you set the satisfy directive to all, access is granted if a client satisfies both conditions (auth + IP). If you set the directive to any, access is granted if a client satisfies at least one condition.

<!-- gh-comment-id:808417628 --> @l4rm4nd commented on GitHub (Mar 26, 2021): Custom locations will break any access lists. Further, the HTTP/2 SSL option can also break access lists. If you need to have custom locations, proceed as explained by @mochman. Configure your access rules specifically for each custom location entry. For basic auth: ```` # Authorization, specify the correct access list id, example id is 1 auth_basic "Authorization required"; auth_basic_user_file /data/access/1; ```` For IP restrictions: ```` # Access Rules satisfy all; allow 192.168.0.0/16; allow 10.0.0.0/8; allow 172.16.0.0/12; deny all; ```` You can combine both. Remember, if you set the satisfy directive to ``all``, access is granted if a client satisfies both conditions (auth + IP). If you set the directive to ``any``, access is granted if a client satisfies at least one condition.

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@mcastorina commented on GitHub (Apr 3, 2021):

I think this is a pretty critical bug. The UI implies the access list is effective for the entire proxy host when it's not for custom locations.

<!-- gh-comment-id:812771793 --> @mcastorina commented on GitHub (Apr 3, 2021): I think this is a pretty critical bug. The UI implies the access list is effective for the entire proxy host when it's not for custom locations.

kerem commented 2026-02-26 06:33:45 +03:00

Author

Owner

Copy link

@chaptergy commented on GitHub (May 12, 2021):

Duplicate of https://github.com/jc21/nginx-proxy-manager/issues/148

<!-- gh-comment-id:840102584 --> @chaptergy commented on GitHub (May 12, 2021): Duplicate of https://github.com/jc21/nginx-proxy-manager/issues/148

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

dependabot/npm_and_yarn/backend/prod-minor-updates-5edfafad3a

dependabot/npm_and_yarn/backend/liquidjs-10.25.7

dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987

dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41

dependabot/npm_and_yarn/backend/basic-ftp-5.3.0

dependabot/npm_and_yarn/test/follow-redirects-1.16.0

dependabot/npm_and_yarn/test/axios-1.15.0

dependabot/npm_and_yarn/frontend/lodash-4.18.1

dependabot/npm_and_yarn/backend/lodash-4.18.1

dependabot/npm_and_yarn/test/lodash-4.18.1

dependabot/npm_and_yarn/frontend/vite-7.3.2

dependabot/npm_and_yarn/frontend/lodash-es-4.18.1

dependabot/npm_and_yarn/frontend/happy-dom-20.8.9

dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0

dependabot/npm_and_yarn/frontend/picomatch-4.0.4

dependabot/npm_and_yarn/backend/picomatch-2.3.2

dependabot/npm_and_yarn/frontend/yaml-1.10.3

dependabot/npm_and_yarn/test/flatted-3.4.2

dependabot/npm_and_yarn/test/tar-7.5.11

dependabot/npm_and_yarn/frontend/immutable-5.1.5

master

dependabot/npm_and_yarn/test/glob-10.5.0

dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1

dependabot/npm_and_yarn/test/form-data-4.0.4

v3-abandoned

bump-freedns

openidc

ssl-passthrough-hosts

static-content

v2.14.0

v2.13.7

v2.13.6

v2.13.5

v2.13.4

v2.13.3

v2.13.2

v2.13.1

v2.13.0

v2.12.6

v2.12.5

v2.12.4

v2.12.3

v2.12.2

v2.12.1

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.22

v2.9.21

v2.9.20

v2.9.19

v2.9.18

v2.9.17

v2.9.16

v2.9.15

v2.9.14

v2.9.13

v2.9.12

v2.9.11

v2.9.10

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.1

v2.8.0

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.1

v2.1.0

2.0.14

2.0.13

2.0.12

2.0.11

2.0.10

2.0.9

2.0.8

2.0.7

2.0.6

2.0.5

2.0.4

2.0.3

2.0.2

2.0.0

v2.0.0

1.1.2

1.1.1

1.0.1

Labels

Clear labels   

awaiting feedback

  

bug

  

cannot reproduce

  

dns provider request

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

good first issue

  

help wanted

  

invalid

  

need more info

  

no certbot plugin available

  

product-support

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

troll

  

upstream issue

  

v2

  

v2

  

v2

  

v3

  

wontfix

No labels

awaiting feedback

bug

cannot reproduce

dns provider request

duplicate

enhancement

enhancement

enhancement

good first issue

help wanted

invalid

need more info

no certbot plugin available

product-support

pull-request

question

stale

troll

upstream issue

v2

v2

v2

v3

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#629

No description provided.