id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 359 DENY ALL ignored when using unix sockets Jevgeni Kiski "'''HowTo reproduce:''' Lets create a folder in /tmp with a file mkdir /tmp/secure echo 'My secret' > /tmp/secure/secret.txt Then lets create a virtual server that listens to an unix socket: {{{ server { server_name _; listen unix:/var/run/secure.sock; root /tmp/secure; deny all; location / { index index.html; } } }}} Note: I also added '''deny all''' inside '''server''' block in main server configuration we add proxy_pass to our newly created ""secure"" virtual server {{{ location ^~ /secure/ { proxy_pass http://unix:/var/run/secure.sock:/; } }}} reloading configuration and trying to access http://localhost/secure/secret.txt We got contents! How? Deny all did not work '''Expected:''' 403 Forbidden '''Received:''' 200 OK with contents '''Testing same thing but with ports:''' Replacing sockets with ports: {{{ server { server_name _; listen 8080; root /tmp/secure; deny all; location / { index index.html; } } }}} And main server: {{{ location ^~ /secure/ { proxy_pass http://0.0.0.0:8080/; } }}} Reloading configuration and trying to access http://localhost/secure/secret.txt 403 Forbidden. As expected!" enhancement closed minor nginx-core 1.2.x fixed Linux server 3.8.0-19-generic #30-Ubuntu SMP Wed May 1 16:35:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.2.6 (Ubuntu) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/home/user/nginx-1.2.6/debian/modules/nginx-auth-pam --add-module=/home/user/nginx-1.2.6/debian/modules/nginx-echo --add-module=/home/user/nginx-1.2.6/debian/modules/nginx-upstream-fair --add-module=/home/user/nginx-1.2.6/debian/modules/nginx-dav-ext-module --add-module=/home/user/nginx-1.2.6/debian/modules/nginx-rtmp-module"