HttpAccessModule and unix domain sockets

Maxim Dounin mdounin at mdounin.ru
Wed May 22 19:32:26 UTC 2013


Hello!

On Wed, May 22, 2013 at 10:17:22PM +0300, Sorin Manole wrote:

> Hi,
> 
> Thanks for the quick response! I would like to implement this feature and
> submit the patch for review.
> Just want some quick clarifications:
> Once there is support for unix domain sockets, should "deny all" limit them
> too ? (I suppose yes?)

Yes.

> Also "deny unix:" should limit connections that come through all unix
> domain sockets ?

Yes.

> 
> Thank you.
> 
> 
> 2013/5/22 Maxim Dounin <mdounin at mdounin.ru>
> 
> > Hello!
> >
> > On Tue, May 21, 2013 at 10:27:21PM +0300, Sorin Manole wrote:
> >
> > > Hi all,
> > >
> > > It seems that when using HttpAccessModule directives to deny requests,
> > they
> > > don't seem to work if the server is listening on a unix domain socket.
> > Even
> > > when using deny all.
> > > Can someone confirm and it's not just me making some stupid mistake ?
> >
> > Yes, access module allow/deny directives currently only able to
> > limit ipv4 and ipv6 addresses.
> >
> > > Now if that is the case, would it be a good idea to add this
> > functionality
> > > to the module ? Maybe add a new parameter like "deny unix" or something ?
> > > Or was this left out on purpose for a reason or another ?
> >
> > It probably should be expanded to support "unix:" special address
> > like set_real_ip_from does (see http://nginx.org/r/set_real_ip_from).
> >
> > --
> > Maxim Dounin
> > http://nginx.org/en/donation.html
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> >

> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel


-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list