HttpAccessModule and unix domain sockets

Sorin Manole sorin.v.manole at gmail.com
Wed May 22 19:17:22 UTC 2013


Hi,

Thanks for the quick response! I would like to implement this feature and
submit the patch for review.
Just want some quick clarifications:
Once there is support for unix domain sockets, should "deny all" limit them
too ? (I suppose yes?)
Also "deny unix:" should limit connections that come through all unix
domain sockets ?

Thank you.


2013/5/22 Maxim Dounin <mdounin at mdounin.ru>

> Hello!
>
> On Tue, May 21, 2013 at 10:27:21PM +0300, Sorin Manole wrote:
>
> > Hi all,
> >
> > It seems that when using HttpAccessModule directives to deny requests,
> they
> > don't seem to work if the server is listening on a unix domain socket.
> Even
> > when using deny all.
> > Can someone confirm and it's not just me making some stupid mistake ?
>
> Yes, access module allow/deny directives currently only able to
> limit ipv4 and ipv6 addresses.
>
> > Now if that is the case, would it be a good idea to add this
> functionality
> > to the module ? Maybe add a new parameter like "deny unix" or something ?
> > Or was this left out on purpose for a reason or another ?
>
> It probably should be expanded to support "unix:" special address
> like set_real_ip_from does (see http://nginx.org/r/set_real_ip_from).
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130522/30dcb5da/attachment-0001.html>


More information about the nginx-devel mailing list