How to Restrict Page Access on Azure with Nginx Without Using Plugins
In today's web development landscape, ensuring the security and privacy of your applications is paramount. With the rise of artificial intelligence (AI) and solutions like AI security, organizations are looking for dependable ways to manage access to their applications and APIs. Gloo Gateway and LLM Gateway open source are popular choices for managing API traffic efficiently while considering API cost accounting to optimize operations. In this article, we will explore how to restrict page access on Azure using Nginx without relying on plugins, providing you with a solid foundation for securing sensitive areas of your web application.
Introduction to Nginx
Nginx is a powerful web server that provides features such as HTTP caching, reverse proxy capabilities, load balancing, and security functionalities. With its lightweight architecture, Nginx has become a go-to choice for developers who want to build highly scalable web applications. When deployed on Azure, Nginx can effectively serve as a barrier between your web applications and potential unauthorized access attempts.
Understanding Page Access Restrictions
When creating web applications, there are times when you'll need to restrict access to specific pages or resources. This may be necessary for various reasons, such as providing a members-only area, ensuring sensitive information is not publicly accessible, or managing API access. Depending on your application's architecture and needs, there are several methods to implement access restrictions.
For our purposes, we will focus on using Nginx on Azure to enforce access control without the need for third-party plugins, ensuring a lightweight and efficient solution.
Setting Up Nginx on Azure
To restrict page access effectively, the first step is to set up Nginx on an Azure virtual machine (VM). This guide assumes you have basic knowledge of Azure and can create and configure a VM.
Step 1: Create an Azure Virtual Machine
- Log in to your Azure Portal.
- Create a new virtual machine.
- Choose the desired OS (Ubuntu is preferred for this tutorial).
- Select the appropriate size for your VM based on your anticipated traffic.
- Configure the networking to allow HTTP (port 80) and HTTPS (port 443) traffic.
Step 2: Install Nginx
Once your VM is set up, you will need to install Nginx. Connect to your VM using SSH.
ssh username@your_vm_ip_address
Update your package manager and install Nginx with the following commands:
sudo apt update
sudo apt install nginx
Step 3: Start and Enable Nginx
After installation, start the Nginx service and enable it to run on startup:
sudo systemctl start nginx
sudo systemctl enable nginx
At this point, Nginx is up and running on your Azure VM. You can verify this by navigating to your VM's public IP address in your browser. You should see the Nginx welcome page.
Configuring Nginx for Access Control
Nginx can restrict access using HTTP Basic Authentication, a built-in user authentication method. Here, we will demonstrate how to restrict access to specific pages without the need for any plugins.
Step 4: Create an Authentication File
To restrict access based on user authentication, you first need to create a password file that will store user credentials.
- Install the apache2-utils package to gain access to the htpasswd utility:
  sudo apt install apache2-utils
- Create a password file (you can name it .htpasswd and place it in a secure directory):
  sudo htpasswd -c /etc/nginx/.htpasswd username
You will be prompted to enter a password for the username you provided.
Step 5: Configure Nginx to Use the Authentication File
Next, modify the Nginx configuration to restrict access to the desired location using Basic Authentication.
- Open the default Nginx configuration file located at /etc/nginx/sites-available/default:
  sudo nano /etc/nginx/sites-available/default
- Add the following snippet inside the server block to restrict access to a specific location:
  location /restricted {
      auth_basic "Restricted Access";
      auth_basic_user_file /etc/nginx/.htpasswd;
  }
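With this configuration, anyone attempting to access http://your_vm_ip_address/restricted will be prompted to enter the username and password you've created. Basic Authentication sends these credentials base64-encoded, not encrypted, so serve the location over HTTPS before exposing it to real users.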
Step 6: Test Your Configuration
After saving your changes, check the Nginx configuration for syntax errors:
sudo nginx -t
If all checks out, reload the Nginx service:
sudo systemctl reload nginx
Now, when you navigate to the /restricted page, you will be prompted for the credentials, effectively restricting access.
Additional Access Control Features with Nginx
Rate Limiting
Nginx can also implement rate limiting to protect against abuse. You can specify limits on the number of requests a user can make over a given time period. Here’s a simple example of how to configure rate limiting in your Nginx configuration:
http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

    server {
        location /api/ {
            limit_req zone=one burst=5;
        }
    }
}
In this example, requests from the same IP address to the /api/ endpoint are limited to one request per second, with bursts allowed for up to five requests.
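The following is an added example, not code from the original article: a simplified Python model of how limit_req with rate=1r/s and burst=5 treats one client's requests when nodelay is not set. The function name and the arrival times are constructed for illustration.

```python
"""Simplified model of nginx limit_req (leaky bucket) for one client key."""

RATE_PER_SEC = 1      # rate=1r/s from the limit_req_zone line above
BURST = 5             # burst=5 from the limit_req line above


def simulate(arrivals_ms, rate=RATE_PER_SEC, burst=BURST):
    """Return one (arrival_ms, verdict, delay_ms) tuple per request.

    The excess counter is kept in thousandths of a request.
    """
    rate_m = rate * 1000          # milli-requests drained per second
    burst_m = burst * 1000
    excess = None                 # None until this key is first seen
    last = 0
    results = []
    for now in arrivals_ms:
        if excess is None:        # first request creates the bucket
            excess, last = 0, now
            results.append((now, "pass", 0))
            continue
        elapsed = max(now - last, 0)
        new_excess = max(excess - rate_m * elapsed // 1000 + 1000, 0)
        if new_excess > burst_m:
            # Over the burst: rejected (HTTP 503 by default), state unchanged.
            results.append((now, "reject", 0))
            continue
        excess, last = new_excess, now
        # Without nodelay, queued requests are released at the configured rate.
        delay = new_excess * 1000 // rate_m
        results.append((now, "delay" if delay else "pass", delay))
    return results


# Constructed traffic: 10 requests at the same instant, then one 3 s later.
SAMPLE = [0] * 10 + [3000]

if __name__ == "__main__":
    for arrival, verdict, delay in simulate(SAMPLE):
        print(f"t={arrival:>5} ms  {verdict:<6} delay={delay} ms")
```

Of the ten simultaneous requests, one passes immediately, five are queued with growing delays, and four are rejected.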
IP Whitelisting or Blacklisting
You can restrict access to specific IP addresses or ranges by adding allow and deny directives:
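location / {
    allow 192.168.1.0/24;
    deny all;
}
This will deny access to all users except those coming from the specified IP range. Nginx checks allow and deny rules in the order they appear and applies the first one that matches, so the allow line must come before deny all.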
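Nginx evaluates allow and deny rules in the order they are written and stops at the first match, so the position of deny all decides the outcome. The added example below (not from the original article) models that evaluation in Python for both orderings; the function names and client addresses are constructed for illustration.

```python
"""Model of nginx allow/deny evaluation: rules run in order, first match wins."""
import ipaddress


def parse_rules(config_text):
    """Extract (action, network) pairs from allow/deny directive lines."""
    rules = []
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            if parts[1] == "all":
                net = None                      # None stands for "all"
            else:
                net = ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))
    return rules


def decide(rules, client_ip):
    """Return 'allow' or 'deny'; if no rule matches, access is allowed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action
    return "allow"


# Constructed inputs: the same two directives in both orders.
DENY_FIRST = "deny all;\nallow 192.168.1.0/24;"
ALLOW_FIRST = "allow 192.168.1.0/24;\ndeny all;"

if __name__ == "__main__":
    for name, text in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        rules = parse_rules(text)
        for ip in ("192.168.1.20", "203.0.113.9"):   # constructed clients
            print(f"{name:<11} {ip:<13} -> {decide(rules, ip)}")
```

With deny all listed first, even a client inside 192.168.1.0/24 is refused, because the later allow line is never reached.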
Conclusion
Restricting page access on Azure using Nginx without plugins is a straightforward yet highly effective approach to securing your web applications. The steps outlined in this tutorial demonstrate how you can use Nginx's built-in capabilities, such as Basic Authentication and rate limiting, to manage how users gain access to various parts of your application.
By implementing these access control measures, you not only enhance the security of your application but also ensure compliance with AI security policies and practices. In a world where API cost accounting is becoming increasingly important, having a robust solution for managing access is essential for optimizing resources and delivering stable performance in your applications.
Whether you’re utilizing Gloo Gateway, LLM Gateway open source, or simply managing your APIs using Nginx, ensuring secure access patterns is a vital aspect of modern web development. Start implementing these strategies today to secure your applications effectively!
Reference Table: Nginx Configuration Directives
| Directive | Description |
|---|---|
| auth_basic | Enables Basic Authentication for a location. |
| auth_basic_user_file | Specifies the file that contains user credentials. |
| limit_req_zone | Defines a zone for rate limiting based on IP address. |
| allow | Grants access to specific IP addresses. |
| deny | Denies access to specified IP addresses. |
Code Example
Here's a complete Nginx configuration snippet showing user authentication and rate limiting together:
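# limit_req_zone is only valid in the http context, so it is declared
# outside the server block (site files are included inside http { }).
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

server {
    listen 80;
    server_name your_vm_ip_address;

    # Prompt for credentials stored in the htpasswd file
    location /restricted {
        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    # Apply the rate-limit zone defined above
    location /api {
        limit_req zone=one burst=5;
    }

    # Everything else is not served
    location / {
        return 404;
    }
}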
This configuration protects the /restricted path with Basic Authentication, rate-limits requests to the /api endpoint, and returns 404 for every other path.