So is "rewrite_by_lua" also evil?

agentzh agentzh at gmail.com
Wed Oct 12 00:15:56 UTC 2011


On Wed, Oct 12, 2011 at 12:03 AM, Nginx User <nginx at nginxuser.net> wrote:
> Anyway, when I have the following (simplified) in firewall.default ....
>
> if ($http_user_agent ~* libwww ) {
>        return 403;
> }
>
> ... everything is fine. When a php request is made, libwww user agents
> are denied and others get the php output.
>

You're using the "~*" operator here and that means "case insensitive
match", see http://wiki.nginx.org/HttpCoreModule#location

> When I use the following (simplified) rewrite_by_lua equivalent instead ....
>
> rewrite_by_lua '
>        if ngx.var.http_user_agent == "libwww" then
>                ngx.exit(ngx.HTTP_FORBIDDEN)
>        end
> ';
>

Note that you're using "==" here in Lua which is exact string comparison :)

> The php file is downloaded. Obviously I don't have the "libwww" when
> testing so I suppose the lua "if" block is skipped at which point the
> physical php file is found and sent to the user as is and the
> proxy_pass directive is not run.
>

Which version of ngx_lua are you using? Please show me your "nginx -V"
output? And which OS are you using? I've tested your example with
ngx_lua git master HEAD on Slackware Linux x86_64 and do not have any
issues :)

Also, enabling --with-debug in your nginx build and show me the
relevant sections of your error.log on the debug error log level will
be helpful too :)

Regards,
-agentzh



More information about the nginx mailing list