Set location based on query arg
Francis Daly
francis at daoine.org
Fri Nov 11 08:41:40 UTC 2016
On Fri, Nov 11, 2016 at 08:30:06AM +0000, Francis Daly wrote:
> On Thu, Nov 10, 2016 at 06:46:10PM -0500, ulik wrote:
Hi there,
> > # root when path query arg is present
> > if ($arg_path) {
> > root /var/www/example/$arg_path;
> > }
> You can use "map" to set a variable, and then use that variable in the
> "root" directive. That way you can avoid trying to have "root" within
> "if".
Be aware that using user-controlled values in important config is not
often a good thing.
A request for
/passwd?path=../../../../../etc
might return some content that you would prefer it did not, for example.
It would be better to have a list of the allowed paths, or at least the
allowed path patterns, and write the map so that "root" only ends up
with values that you expect.
So - make the default value be "default"; and then only use $arg_path
if it (for example) is only letters.
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list