From 0414ae4b92d172e9f6d5294da0d20b9d8c00b4eb Mon Sep 17 00:00:00 2001
From: Beck Davis <bd4538@princeton.edu>
Date: Fri, 17 Jan 2025 09:26:19 -0500
Subject: [PATCH] update lockers-and-study-spaces-staging.conf to restrict
 access to princeton IPs Added 4 lines to
 lockers-and-study-spaces-staging.conf Co-authored-by: Francis Kayiwa
 <kayiwa@users.noreply.github.com>

---
 .../files/conf/http/lockers-and-study-spaces-staging.conf | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/nginxplus/files/conf/http/lockers-and-study-spaces-staging.conf b/roles/nginxplus/files/conf/http/lockers-and-study-spaces-staging.conf
index b1b249082..66c9fc21a 100644
--- a/roles/nginxplus/files/conf/http/lockers-and-study-spaces-staging.conf
+++ b/roles/nginxplus/files/conf/http/lockers-and-study-spaces-staging.conf
@@ -38,8 +38,8 @@ server {
     ssl_prefer_server_ciphers  on;
 
     location / {
-#        # app_protect_enable on;
-        # app_protect_security_log_enable on;
+        app_protect_enable off;
+        app_protect_security_log_enable on;
         proxy_pass http://lockers-and-study-spaces-staging;
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Proto https;
@@ -48,6 +48,10 @@ server {
         # handle errors using errors.conf
         proxy_intercept_errors on;
         health_check uri=/health.json interval=10 fails=3 passes=2;
+        # allow princeton network
+        include /etc/nginx/conf.d/templates/restrict.conf;
+        # block all
+        deny all;        
     }
 
     include /etc/nginx/conf.d/templates/errors.conf;