Allow Without Deny

Gixy Check ID: allow_without_deny

When a configuration block contains an allow directive with an IP address or subnet, it most likely should also contain a deny all; directive (or the restriction should be enforced somewhere else). Otherwise, there is effectively no access limitation.

Bad Example

location / {
      root /var/www/;
      allow 10.0.0.0/8;
      . . .
}

Good Example

location / {
      root /var/www/;
      allow 10.0.0.0/8;
      deny all;
      . . .
}
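
The check described above can be sketched as a small standalone script. This is an added example, not Gixy's own implementation: the function name find_allow_without_deny and the sample configuration are constructed for illustration. It only inspects directives written directly inside each block, so a restriction enforced somewhere else is not modeled.

```python
import re

# Constructed sample config: the first location lacks "deny all;", the second has it.
SAMPLE = """
server {
    location / {
        root /var/www/;
        allow 10.0.0.0/8;
    }
    location /admin {
        allow 10.0.0.0/8;
        deny all;   # closes the allow-list
    }
}
"""

# A token is a brace, a semicolon, or a run of other non-space characters.
TOKEN = re.compile(r"[{};]|[^\s{};]+")

def find_allow_without_deny(config):
    """Return the headers of blocks that contain allow but no 'deny all;'."""
    config = re.sub(r"#[^\n]*", "", config)   # strip comments (simplified: ignores quoting)
    findings = []
    stack = [{"name": "main", "allow": False, "deny_all": False}]
    words = []                                # tokens of the statement being read
    for tok in TOKEN.findall(config):
        if tok == "{":                        # the statement was a block header
            stack.append({"name": " ".join(words), "allow": False, "deny_all": False})
            words = []
        elif tok == ";":                      # a simple directive ends here
            if words and words[0] == "allow":
                stack[-1]["allow"] = True
            elif words == ["deny", "all"]:
                stack[-1]["deny_all"] = True
            words = []
        elif tok == "}":                      # block closes: evaluate its own rules
            block = stack.pop()
            if block["allow"] and not block["deny_all"]:
                findings.append(block["name"])
            words = []
        else:
            words.append(tok)
    return findings

if __name__ == "__main__":
    for name in find_allow_without_deny(SAMPLE):
        print(f"allow_without_deny: block '{name}' has allow but no 'deny all;'")
```
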