HttpAccessModule and unix domain sockets
mdounin at mdounin.ru
Wed May 22 19:32:26 UTC 2013
On Wed, May 22, 2013 at 10:17:22PM +0300, Sorin Manole wrote:
> Thanks for the quick response! I would like to implement this feature and
> submit the patch for review.
> Just want some quick clarifications:
> Once there is support for unix domain sockets, should "deny all" limit them
> too ? (I suppose yes?)
> Also "deny unix:" should limit connections that come through all unix
> domain sockets ?
> Thank you.
> 2013/5/22 Maxim Dounin <mdounin at mdounin.ru>
> > Hello!
> > On Tue, May 21, 2013 at 10:27:21PM +0300, Sorin Manole wrote:
> > > Hi all,
> > >
> > > It seems that when using HttpAccessModule directives to deny requests,
> > they
> > > don't seem to work if the server is listening on a unix domain socket.
> > Even
> > > when using deny all.
> > > Can someone confirm and it's not just me making some stupid mistake ?
> > Yes, access module allow/deny directives currently only able to
> > limit ipv4 and ipv6 addresses.
> > > Now if that is the case, would it be a good idea to add this
> > functionality
> > > to the module ? Maybe add a new parameter like "deny unix" or something ?
> > > Or was this left out on purpose for a reason or another ?
> > It probably should be expanded to support "unix:" special address
> > like set_real_ip_from does (see http://nginx.org/r/set_real_ip_from).
> > --
> > Maxim Dounin
> > http://nginx.org/en/donation.html
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> nginx-devel mailing list
> nginx-devel at nginx.org
More information about the nginx-devel