Using variables on configuration (map?) for regex

mostolog at gmail.com mostolog at gmail.com
Tue Jan 24 09:20:37 UTC 2017


Hi


Months ago I was trying to set up an nginx-CAS environment and found this 
issue (I'll explain below). Now I have found it again, but this time it 
seems not so easy to work around.

Scenario:
Client connects to Apache, which forwards to the Apereo CAS server and 
authenticates the user.
Once authenticated, Apache reverse-proxies to NGINX with an HTTP header in the 
request which contains the list of groups the user is a member of.

To sum up: nginx knows the user, has a comma-separated list of groups, 
and the location the user requested to browse.


In the past event, I had ~200 Group/URLs I wanted to protect, and tried to:

    map $request_method:$http_groups:$request_uri $denied {
        default 1;
        ~^GET:group$group:/$group 0;
    }

Sadly, map does not expand the left side of the statement, so I couldn't 
do that and ended up doing:

    map $request_method:$http_groups:$request_uri $denied {
        default 1;
        ~^GET:group1:/group1 0;
        ~^GET:group2:/group2 0;
        # ...
        # 200 lines
        # ...
    }

As previously said, today I'm having the same issue, but this time the 
predefined group list is not known. Actually, a user creates a "chat 
room" and only users from a specified group list can join.

As I could send this "new list" as a header to nginx: Is it possible to 
compare two nginx variables to check if "$a does not contain $b"?

Actually I'm using regex backreferences to solve it, e.g.: 
$tmp="$var1:$var2" and $tmp ~ "(.*):\1"

Regards.
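
The backreference comparison from the last paragraph, as an added example that is not part of the original post: it runs the quoted pattern and a delimiter-anchored variant over constructed header values to show which inputs each one accepts. The `STRICT` pattern, the function names and the sample values are assumptions of this example; the regex constructs used behave the same in Python's `re` and in the PCRE library nginx uses.

```python
import re

# Pattern as quoted in the post, applied unanchored like nginx's "~" operator.
LOOSE = re.compile(r"(.*):\1")

# Delimiter-aware variant (hypothetical, not from the post). Left of ":" is the
# user's comma-separated group list, right of it the room's allow-list; ":" and
# "," are assumed never to occur inside a group name.
STRICT = re.compile(r"^(?:[^:]*,)?([^,:]+)(?:,[^:]*)?:(?:.*,)?\1(?:,.*)?$")


def loose_allows(user_groups: str, allowed: str) -> bool:
    return LOOSE.search(f"{user_groups}:{allowed}") is not None


def strict_allows(user_groups: str, allowed: str) -> bool:
    return STRICT.search(f"{user_groups}:{allowed}") is not None


# Constructed sample inputs: (user's groups, room allow-list, should be allowed)
CASES = [
    ("staff,dev", "ops,dev", True),    # shared whole element "dev"
    ("dev", "dev", True),
    ("guest", "staff", False),         # nothing in common
    ("adm", "admin,ops", False),       # only a prefix of an allowed name
    ("", "staff", False),              # header missing or empty
]


def evaluate():
    """Return (user_groups, allowed, expected, loose, strict) per case."""
    return [(u, a, want, loose_allows(u, a), strict_allows(u, a))
            for u, a, want in CASES]


if __name__ == "__main__":
    for u, a, want, loose, strict in evaluate():
        print(f"{u!r:12} {a!r:12} want={want!s:5} loose={loose!s:5} strict={strict}")
```

Because `(.*)` may capture the empty string, the quoted pattern matches any joined value that contains the colon, so the anchors and the comma delimiters are what carry the access decision.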