How to deny with 404 on nginx

Question

I want to secure some locations in nginx by supplying deny/allow directives, but I do not want outsider to know that a location is denied. I want outsider to get 404, not 403 http code. My configuration snippet is

location /admin/ {
    uwsgi_pass myupstream1;
    include /path/to/uwsgi_params;

    allow 127.0.0.1;
    deny all;
}

When I try to visit /admin/ nginx responds with HTTP 403, but I want it respond with HTTP 404. Any recipe for this?

Answer 1

error_page 403 404 /404.html;

location = /404.html {
    internal; #return 404
}

location /admin/ {
    uwsgi_pass myupstream1;
    include /path/to/uwsgi_params;

    allow 127.0.0.1;
    deny all;
}

The 'internal' returns 404 by default.

Adapted from this answer here

Answer 2

A more elegant way is to create a custom error page. In that page instead of showing http error code, you can specify a custom message.

Name an error page

error_page 403 =404 /40X.html;

    location /admin/ {
        uwsgi_pass myupstream1;
        include /path/to/uwsgi_params;
        allow 127.0.0.1;
        deny all;  
    }

    location /40X.html {
    root path/to/public;
    }

In your 40x.html you can write any message

<html>
<body> The requested resource is not available </body>
</html>

place this 40x.html in your path/to/public directory