feat: allow access to forbidden location to specified user agents

README.md

@@ -104,6 +104,7 @@ The entrypoint file contains a list of environment variables that will be replac
 - `NGINX_CLIENT_MAX_BODY_SIZE`: the maximum allowed size for the client request body (default: `200M`)
 - `NGINX_CORS_ENABLED`: enable cors for `/` path and the caller origin header represented by `$http_origin` nginx variable (<https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin>) (default: `0`)
 - `NGINX_CORS_DOMAINS`: a list of CORS enabled domains to activate cors just for the specified ones (no default provided)
+- `NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE`: a valid return code used as return value when the forbidden locations are hitted (default `200`)
 
 ## Rootless feature
 

docker-entrypoint.sh

@@ -73,9 +73,13 @@ if [ -n "${NGINX_BASIC_AUTH_USER}" ] && [ -n "${NGINX_BASIC_AUTH_PASS}" ]; then
 fi
 
 # Activate the forbidden locations when the environment is not local
+NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE=${NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE:-"200"}
+export NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE
 if [ "${ENV:-}" != "loc" ]; then
   print "Activating the forbidden locations"
-  cp /templates/fragments/005-forbidden-locations.conf /etc/nginx/conf.d/fragments/005-forbidden-locations.conf
+  # shellcheck disable=SC2016 # The envsubst command needs to be executed without variable expansion
+  envsubst '${NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE}' < /templates/fragments/005-forbidden-locations.conf > /etc/nginx/conf.d/fragments/005-forbidden-locations.conf
+  cat /etc/nginx/conf.d/fragments/005-forbidden-locations.conf
 fi
 
 # Activate HSTS header (default: off)

templates/fragments/005-forbidden-locations.conf

@@ -1,7 +1,7 @@
 location = /core/install.php {
-  return 404;
+  return ${NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE};
 }
 
 location = /update.php {
-  return 404;
+  return ${NGINX_FORBIDDEN_LOCATIONS_EXIT_CODE};
 }