[SHOW'N'TELL] Primitive RBAC/AAA implementation in nginx config

Jonathan Matthews contact at jpluscplusm.com
Wed Feb 26 20:23:14 UTC 2014

On 26 Feb 2014 12:05, "Jonathan Matthews" <contact at jpluscplusm.com> wrote:
> Hi all -
> I spent some time poking at a interesting problem that came up last
> night, and ended up with this primitive RBAC system, implemented in
> declarative nginx config.

Thanks to the couple of people who reminded me this may not be a
frequently-used term on this list :-)

Role Based Access Control systems are a technique for limiting access to
resources based on people belonging to groups (roles) and not being granted
access individually: https://en.wikipedia.org/wiki/Role-based_access_control

In this case, the resources are URIs, potentially proxy_pass'd, and the
users are HTTP basic auth users. My implementation is nothing special, but
I'd not seen a reasonably scalable one implemented purely in declarative
nginx configuration syntax before :-)

Anyway, tell me why it sucks ... https://gist.github.com/jpluscplusm/9227777

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140226/cc5ebee3/attachment.html>

More information about the nginx mailing list