Different Naxsi rulesets
Jean-Paul Hemelaar
hemelaar at desikkel.nl
Mon Nov 13 18:47:09 UTC 2017
Hi,
I have updated the config to use 'map' instead of the if-statements. That's
indeed a better way.
The problem however remains:
- Naxsi mainrules are in the http-block
- Config similar to:
map $geoip_country_code $ruleSetCC {
default "strict";
CC1 "relaxed";
CC2 "relaxed";
}
location /strict/ {
include /usr/local/nginx/naxsi.rules.strict;
proxy_pass http://app-server/;
}
location /relaxed/ {
include /usr/local/nginx/naxsi.rules.relaxed;
proxy_pass http://app-server/;
}
location / {
include /usr/local/nginx/naxsi.rules.default;
set $ruleSet $ruleSetCC;
rewrite ^(.*)$ /$ruleSet$1 last;
}
It's always using naxsi.rules.default. If this line is removed it's not
using any rules (pass-all).
Thanks so far!
JP
On Mon, Nov 13, 2017 at 2:14 PM, Aziz Rozyev <arozyev at nginx.com> wrote:
> At first glance config looks correct, so probably it’s something with naxi
> rulesets.
> Btw, why don’t you use maps?
>
> map $geoip_coutnry_code $strictness {
> default “strict";
> CC_1 “not-so-strict";
> CC_2 “not-so-strict";
> # .. more country codes;
> }
>
> # strict and not-so-strict locations
>
> map $strictness $path {
> "strict” "/strict/";
> "not-so-strict” "/not-so-strict/“;
> }
>
> location / {
> return 302 $path;
> # ..
> }
>
>
> br,
> Aziz.
>
>
>
>
>
> > On 12 Nov 2017, at 14:03, Jean-Paul Hemelaar <hemelaar at desikkel.nl>
> wrote:
> >
> > T THIS WORKS:
> > # include /usr/local/n
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20171113/1d2ede1a/attachment.html>
More information about the nginx
mailing list