scgi_store_access

The scgi_store_access directive allows you to specify access control rules for storing files in SCGI responses.

Syntax: scgi_store_access allow|deny ip_address;
Default: none
Context: http, server, location
Arguments: 1-3

Description

The scgi_store_access directive is utilized in NGINX to manage the permissions for access to files that are created from SCGI responses. This directive enables fine-grained control over which client addresses are allowed or denied access to the stored files. You can specify one to three access control rules consisting of 'allow' and 'deny' directives, designed to permit or restrict access based on the client's IP address or subnet mask.

The directive operates by first evaluating the incoming request's client address and then applying the defined rules in the order they are specified. If an 'allow' rule matches the client's address, access will be granted; if a 'deny' rule matches, access gets blocked. If no matching rule is found, the default access control policy applies. This behavior is critical for maintaining security and ensuring that sensitive files are only accessed by authorized users. The rules are processed sequentially, allowing for nuanced access management depending on the organization’s requirements.

Config Example

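location /some/location {
    scgi_pass 127.0.0.1:9000;
    # Save SCGI responses to disk under the location's root.
    scgi_store on;
    # nginx parses the arguments as users:permissions pairs (user, group,
    # all; r or rw) and accepts the directive once per level; allow/deny
    # address rules fail the configuration check.
    # Owner read/write, group read-only, no access for other local users.
    scgi_store_access user:rw group:r;
}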

Make sure to define both allow and deny rules as per your access control strategy; otherwise, clients may be locked out inadvertently.

Incorrect subnet notation in IP addresses may lead to access being incorrectly granted or denied.

Ensure that the scgi_store directive is enabled for the access rules to take effect, as these only apply when response storage is active.
