Preventing args other than list
Markus Jelsma
markus.jelsma at openindex.io
Tue Oct 12 01:39:54 MSD 2010
Ah yes, using an regex didn't come to mind. We'll check if it works.
Thanks!
> Hello!
>
> On Mon, Oct 11, 2010 at 05:08:09PM +0100, Valery Kholodkov wrote:
> > ----- Markus Jelsma <markus.jelsma at openindex.io> wrote:
> > > Hi list,
> > >
> > > We're having an upstream server that can accept many different
> > > parameters. Most query string parameters can be predefined in the
> > > backend itself but some cannot because they are unpredictable.
> > >
> > > We'd like to configure our proxy as to only allow a set of parameters
> > > that we want to define in Nginx. Configuring the list in a map seems
> > > easy, but comparing it to the actual query parameters seems hard.
> > >
> > > I know how i can test on availability of parameters by using
> > > $args_PARAMETER and the if directive. But just as in the backend, we
> > > wan't to inverse the list. We need to define what IS allowed, not wat
> > > ISN'T allowed.
> > >
> > > Any suggestions on how to procede?
> >
> > The only solution I know that doesn't require low level coding is build
> > in perl.
>
> I believe apropriate checks may be easily written with regexp,
> e.g. this one will allow only arg1 and arg2 arguments:
>
> if ($args !~ "^(((arg1|arg2)=[^&;]*)([&;]+((arg1|arg2)=[^&;]*))*)?$") {
> return 403;
> }
>
> ("?:" omitted for clarity)
>
> The only downside that it uses "if", which is known to be evil
> (http://wiki.nginx.org/IfIsEvil). Though this one is safe even in
> location context as it uses "return".
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list