Add possibility to restrict access to custom url.
Add the possibility to restrict access to a custom URL via the model.
Fixes-bug: PROD-36854
Change-Id: I43a304d8255ff07886ebcfe07540134cef44bdff
diff --git a/README.rst b/README.rst
index 7eca71c..48d23df 100644
--- a/README.rst
+++ b/README.rst
@@ -271,6 +271,52 @@
               name: gitlab.domain.com
               port: 80
 
+Location with access policy:
+
+.. note:: If location is defined and access_policy for location is defined, 
+          it overrides main access_policy for that location.
+
+.. code-block:: yaml
+
+    nginx:
+      server:
+        site:
+          nginx_proxy_site01:
+            enabled: true
+            type: nginx_proxy
+            name: site01
+            access_policy:
+              allow:
+              - 192.168.1.1/24
+              - 127.0.0.1
+              deny:
+              - 192.168.1.2
+              - all
+            proxy:
+              host: local.domain.com
+              port: 80
+              protocol: http
+            location:
+              /internal/:
+                host: 172.120.10.200
+                port: 80
+                protocol: http
+              /restricted/:
+                host: 172.10.10.200
+                port: 80
+                protocol: http
+                access_policy:
+                  allow:
+                    - 10.10.10.0/24
+                    - 127.0.0.1
+                  deny:
+                    - all
+            host:
+              name: gitlab.domain.com
+              port: 80
+
+
+
 Use nginx `ngx_http_map_module` that creates variables whose values depend on
 values of other variables.
 
diff --git a/nginx/files/_access_policy.conf b/nginx/files/_access_policy.conf
index ccc990c..37e3347 100644
--- a/nginx/files/_access_policy.conf
+++ b/nginx/files/_access_policy.conf
@@ -1,5 +1,12 @@
 
-      {%- if site.access_policy is defined %}
+      {%- if location is defined and location.access_policy is defined %}
+      {%- for host in location.access_policy.get('allow', []) %}
+      allow {{ host }};
+      {%- endfor %}
+      {%- for host in location.access_policy.get('deny', []) %}
+      deny {{ host }};
+      {%- endfor %}
+      {%- elif site.access_policy is defined %}
       {%- for host in site.access_policy.get('allow', []) %}
       allow {{ host }};
       {%- endfor %}
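Review bot: The new location branch at the top of this hunk renders every `allow` entry before any `deny` entry, the same as the site branch below it, and nginx's access module applies the first rule that matches, so a `deny` for one host inside an allowed network never takes effect; the README example in this commit (`allow 192.168.1.1/24` with `deny 192.168.1.2`) renders exactly that way. Either state the ordering in the template, e.g. `{#- allow rules are rendered before deny rules; nginx applies the first match -#}`, and fix the example, or emit the deny entries other than `all` ahead of the allow loop. Because nginx does not inherit server-level allow/deny rules once a location declares its own, the README note should also say that a location `access_policy` without `deny: all` leaves that location open to every address. The `if`/`elif` block continues past the end of the hunk, so the site branch's deny loop and the `endif` are not visible here.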