I want help...

Francis Daly francis at daoine.org
Fri Dec 14 20:51:38 UTC 2012


On Sat, Dec 15, 2012 at 04:18:55AM +0800, Thomas Joseph wrote:

Hi there,

it seems to me that the level of application-specific control you are
looking for probably does not belong in a default nginx.conf.

The back-end application is probably the right place to do these checks.

You could try using one of the nginx embedded language modules, which
may provide more features.

Or you could try using the various $arg_* variables in a map --
http://nginx.org/r/map.

> And a valid submission will be https://x.y.com/?abc=1.2.3.4&pqr=asdf&xyz=123888598

Would https://x.y.com/?abc=1.2.3.4&xyz=123888598&pqr=asdf be
invalid? Unless you control the client, you probably don't control
the order.

> abc is numeric, with . in between, and ending in digit(s), think of a uuid like 2.16.840.1.113883
> 
> pqr is only alpha, but has 2 choices, asdf or lkjh
> 
> xyz is purely numeric

Untested, but something like

  map $arg_xyz $xyz_bad {
    default 1
    ~ ^[0-9]+$ 0
  }

with similar things for "abc" and "pqr", would set variables that you
could then test for.

  if ($xyz_bad) {
    return 400 "xyz is wrong"
  }

> location / {
> ....
> ....
> if ($args ~ ^((abc=(\d+\.)+(\d+))\&(pqr=(asdf|lkjh))\&(xyz=\d+))$){
> proxy_pass http://127.0.0.1:890/?$1;
> }
> 
> Still I can not limit the repetition, like (abc=(\d{3,10})). Seems nginx, does not support {}. Is that true ? 

I don't know; but it possibly depends on the regex library found at
compile time.

> And what about "if is evil"

Don't use "if" inside "location" unless you can explain why your usage
is correct. That's the rule I tend to use.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list