How to Whitelist Path in NGINX

whitelist path in nginx

Sometimes you may have to allow access to specific pages and directories on your website, which is otherwise password protected. So let us look at how to whitelist path in NGINX.


How to Whitelist Path in NGINX

Here are the steps to whitelist path in NGINX.


1. Open NGINX config file

Open NGINX config file in a text editor. You will typically find it at /etc/nginx/nginx.conf

$ sudo vim /etc/nginx/nginx.conf


2. Whitelist Path

Let’s say all pages on your website/portal are password protected/restricted and you want to allow access to all for specific URLs (e.g /index.php) as well as a directory (e.g /phpmyadmin/). In that case, add the following code to your config file. The idea is to deny all access and then allow access to specific URLs and directories.

upstream _php {
server unix:/var/run/php-fpm/php-fpm.sock;

server {

root /path/to/root;
index index.php;

include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

# deny everything
location / { deny all; }

# allow access to /index.php
location = / { } # allow GET / to redirect to /index.php
location = /index.php { fastcgi_pass _php; }

# allow access to phpmyadmin
location /phpmyadmin/ { } # Allow access .php files in /phpmyadmin/
location ~ ^/phpmyadmin/.*\.php$ { fastcgi_pass _php; } 


The above code will disable any authentication to the specified URLs and directories. In the above case, fastcgi_params are inherited by both location blocks (for index.php and phpmyadmin) that are passed by fastcgi_pass. You can change them as per your requirements.


3. Reload NGINX web server

Reload NGINX server to apply changes.

$ sudo service nginx reload




About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!