HttpAccessModule and unix domain sockets

Maxim Dounin mdounin at mdounin.ru
Wed May 22 13:49:41 UTC 2013


Hello!

On Tue, May 21, 2013 at 10:27:21PM +0300, Sorin Manole wrote:

> Hi all,
> 
> It seems that when using HttpAccessModule directives to deny requests, they
> don't seem to work if the server is listening on a unix domain socket. Even
> when using deny all.
> Can someone confirm and it's not just me making some stupid mistake ?

Yes, access module allow/deny directives currently only able to 
limit ipv4 and ipv6 addresses.

> Now if that is the case, would it be a good idea to add this functionality
> to the module ? Maybe add a new parameter like "deny unix" or something ?
> Or was this left out on purpose for a reason or another ?

It probably should be expanded to support "unix:" special address 
like set_real_ip_from does (see http://nginx.org/r/set_real_ip_from).

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list