Directive Reference

access

The access directive controls access based on variable conditions in NGINX configurations.

Advanced access control based on variables · httpserverlocationlimit_except
Syntaxaccess (allow|deny) variable;
Defaultnone
Contexthttp, server, location, limit_except
Arguments2

Description

The access directive in NGINX provides advanced access control based on specified variables. It allows the configuration of rules that either permit or deny access to resources depending on the evaluation of these variables at runtime. When using this directive, you can specify either 'allow' or 'deny' followed by a variable; if the variable is non-empty and not zero, the corresponding rule will be triggered. Once a request is allowed, it bypasses any subsequent access rules to streamline access enforcement.

The directive can be used in different contexts: http, server, location, and limit_except, making it versatile for various scopes within the configuration. Additionally, behavior can further be controlled by the access_rules_inherit directive, which determines how access rules from higher contexts should be applied when the directive is defined in nested locations.

By default, there is no overriding default value for the access directive, hence it must be explicitly defined in each scenario where access control is desired. Combined with the access_deny_status directive, administrators can also customize the response status code when access is denied, thus providing better control over server responses to unauthorized requests.

Config Example

server {
    listen 80;
    server_name example.com;

    # Allow access if $var1 is non-empty and not zero
    access allow $var1;

    # Deny access if $var2 is non-empty and not zero
    access deny $var2;

    location / {
        # Your other configurations
    }

    location /restricted {
        # Override deny status code
        access_deny_status 404;

        # Deny access if $var3 is non-empty and not zero
        access deny $var3;
    }
}

Using the directive without defining appropriate variables will lead to unexpected behavior or permissions being granted incorrectly.

Increased complexity if multiple access rules are defined in nested configurations; ensure clarity on rule precedence.

Care must be taken to consider the execution order of access rules and their effects on performance. Unnecessary complexity in condition evaluation can impact response time.

Related Directives

access_deny_statusaccess_rules_inherit
← Back to all directives