Using variables on configuration (map?) for regex

Tue Jan 24 09:20:37 UTC 2017


Months ago I was trying to set up an nginx-CAS environment and found this 
issue (I'll explain below). Now I have found it again, but this time it 
does not seem so easy to work around.

The client connects to Apache, which forwards to the Apereo CAS server and 
authenticates the user.
Once authenticated, Apache reverse proxies to NGINX with an HTTP header in the 
request which contains the list of groups the user is a member of.

To sum up: nginx knows the user, has a comma separated list of groups, 
and the location the user requested to browse.

In the past event, I had ~200 Group/URLs I wanted to protect, and tried to:

    map $request_method:$http_groups:$request_uri $denied {
        default 1;
        ~^GET:group$group:/$group 0;
    }

Sadly, map does not expand the left side of the statement, so I couldn't 
do that and ended up doing:

    map $request_method:$http_groups:$request_uri $denied {
        default 1;
        ~^GET:group1:/group1 0;
        ~^GET:group2:/group2 0;
        # ... 200 lines
    }

As previously said, today I'm having the same issue, but this time the 
predefined group list is not known. Actually, a user creates a "chat 
room" and only users from specified group list can join.

As I could send this "new list" as a header to nginx: is it possible to 
compare two nginx variables to check if "$a does not contain $b"?

Actually I'm using regex backreferences to solve it, e.g.: 
$tmp="$var1:$var2" and $tmp ~ "(.*):\1"
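
As an added example (not part of the original post): a Python model of the comparison, since Python's `re` handles capture groups, `\1` and anchors the same way as the PCRE engine nginx uses for `~`. It shows that the unanchored `(.*):\1` matches any subject containing a colon, next to a delimiter-anchored variant; the function names, the `required:groups` subject order and the sample group names are assumptions of this example.

```python
import re

# Pattern from the post. nginx's "~" searches unanchored, so re.search models it.
# Group 1 may be empty, so this matches any subject that contains ":".
NAIVE = re.compile(r"(.*):\1")

# Stricter variant (assumption of this example, not from the post):
# subject is "<required group>:<comma separated groups>", anchored at both
# ends, and the backreference has to be one whole item of the list.
STRICT = re.compile(r"^([^,:]+):(?:.*,)?\1(?:,.*)?$")


def naive_allows(required: str, groups: str) -> bool:
    """Model of: set $tmp "$required:$groups"; if ($tmp ~ "(.*):\\1")"""
    return NAIVE.search(f"{required}:{groups}") is not None


def strict_allows(required: str, groups: str) -> bool:
    """True only when `required` is exactly one item of the list `groups`."""
    return STRICT.search(f"{required}:{groups}") is not None


# Constructed sample values: (required group, groups header from the proxy).
CASES = [
    ("qa", "devops,qa"),        # real member
    ("dev", "devops,qa"),       # prefix of another group name
    ("ops", "devops"),          # suffix of another group name
    ("admin", "users,guests"),  # not a member at all
    ("", ""),                   # both headers missing
]


def run_cases():
    """Return (required, groups, naive result, strict result) per case."""
    return [(r, g, naive_allows(r, g), strict_allows(r, g)) for r, g in CASES]


if __name__ == "__main__":
    for required, groups, naive, strict in run_cases():
        print(f"{required!r:8} in {groups!r:15} naive={naive!s:5} strict={strict}")
```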

