
IP-based access control (allow/deny) in Nginx - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
What is the effect of this nginx configuration snippet?
Given the following nginx configuration inside a server block, what will happen when a client with IP 192.168.1.10 tries to access the server?
location / {
  allow 192.168.1.0/24;
  deny all;
}
A. The client will get a 404 Not Found error.
B. The client is denied access because deny all overrides allow.
C. The client with IP 192.168.1.10 is allowed access because it matches the allowed subnet.
D. The client will be redirected to another location.
💡 Hint
Remember that nginx processes allow and deny directives in order and stops at the first match.
Configuration
intermediate
Which nginx configuration denies all IPs except 10.0.0.5?
Select the correct nginx configuration snippet that denies access to all IPs except the single IP 10.0.0.5.
A
allow 10.0.0.5;
deny all;
B
allow all;
deny 10.0.0.5;
C
deny 10.0.0.5;
allow all;
D
deny all;
allow 10.0.0.5;
💡 Hint
The order of allow and deny directives matters in nginx.
Troubleshoot
advanced
Why does this nginx config block all IPs including allowed ones?
You have this nginx config:
location /secure {
  deny all;
  allow 192.168.0.0/16;
}

But clients from 192.168.1.100 are still denied access. What is the reason?
A. Nginx requires 'satisfy any;' directive to allow exceptions.
B. The subnet 192.168.0.0/16 does not include 192.168.1.100.
C. The deny all directive overrides allow regardless of order.
D. The order of deny and allow is wrong; deny all should come after allow.
💡 Hint
Check the order of allow and deny directives and how nginx processes them.
🔀 Workflow
advanced
What is the correct workflow to restrict access to a web app by IP in nginx?
Which sequence of steps correctly describes how to restrict access to a web application by IP address using nginx?
A. Edit nginx config to add allow/deny directives, test config syntax, reload nginx service.
B. Restart nginx service, edit config, test syntax, reload service.
C. Edit config, reload nginx without testing syntax, check logs for errors.
D. Test config syntax, restart nginx service, edit config, reload service.
💡 Hint
Think about safe steps to avoid downtime or errors.
🧠 Conceptual
expert
What is the effect of combining 'allow' and 'deny' directives with 'satisfy any;' in nginx?
Consider this nginx configuration snippet:
location / {
  satisfy any;
  allow 10.1.1.0/24;
  deny all;
  auth_basic "Restricted";
  auth_basic_user_file /etc/nginx/.htpasswd;
}

What is the behavior for a client from IP 10.1.1.50?
A. Client must provide password regardless of IP because auth_basic always applies.
B. Client from 10.1.1.50 is allowed without password because IP allow passes satisfy any.
C. Client is denied access because deny all overrides allow with satisfy any.
D. Client is allowed only if password matches and IP is allowed.
💡 Hint
'satisfy any;' means only one condition must be met to allow access.