How to do proxy in this case

David Woodstuck leeon2013 at gmail.com
Tue Jun 6 13:13:55 UTC 2017


I have one proxy server(nginx) - such as nginx.mycom.com and three upstream
servers - name1.mycom.com, name2.mycom.com name3.mycom.com for my one
application. Contents from upstream servers have a lot of iframes which
have different domains. I want to allow XSS for these different domains. I
don't know how to achieve XSS for this application.

For instance, when contents from name1.mycom.com has two iframes that their
src are name1.mycom.com/content1 and name2.mycom.com/content2, can I do the
following to achieve XSS?

(1). replace name1.mycom.com/content1 with nginx.mycom.com/content1
      replace name2.mycom.com/content1 with nginx.mycom.com/content2
      add_header for XSS
(2). When nginx.mycom.com/content1 request is coming, proxy to
name1.mycom.com/content1
      add_header for XSS
(3). When nginx.mycom.com/content2 request is coming, proxy to
name2.mycom.com/content2
      add_header for XSS

I only have limited knowledge of Nignx. I like to use NginxScript to
achieve this goal. Can I do it in Nginx. I do appreciate your suggestion
and some examples.

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170606/745a2476/attachment.html>


More information about the nginx mailing list