Private location does not work

Saint Michael venefax at gmail.com
Mon Feb 20 19:45:03 UTC 2023


Thanks.
I am considering the options.

On Mon, Feb 20, 2023 at 1:21 PM Payam Chychi <pchychi at gmail.com> wrote:

> +1 Francis
>
> Saint, I wonder if this might satisfy your ask indirectly.
>
> Assign a secondary IP address to a NIC, and redirect to that IP for your
> iframe processing.
>
> Then you can apply a more specific ACL at host or nginx level to control
> iframe reachability, or even use an IP address that's only reachable to your
> internal users.
>
> The more correct way of doing all of this is through secure user session
> management with authentication and authorization.
>
> Good luck
> -Payam
>
> On Mon, Feb 20, 2023 at 4:35 AM Francis Daly <francis at daoine.org> wrote:
>
>> On Sun, Feb 19, 2023 at 09:33:46AM -0500, Saint Michael wrote:
>>
>> Hi there,
>>
>> > it does not work:
>> > 404 Not Found
>>
>> It appears that you are not asking "how do I ensure that a location{}
>> can only be used for internal redirects/requests".
>>
>> > in the public location,  /carrier_00163e1bb23c, I have
>> > <iframe src="/asrxxxx">
>> >     Your browser does not support iframes
>> > </iframe>
>>
>> > so how do I block the public from looking at my HTML and executing directly
>> > /asrxxxx?
>>
>> You don't.
>>
>> > Is this a bug?
>>
>> It's a misunderstanding on your part of how the requests from the browser
>> to the server work.
>>
>> Right now, your question is "how do I block people from accessing a
>> URL, while also allowing them to access the URL". And the answer is
>> "you can't, reliably".
>>
>> The thing that you want to achieve, can't be achieved using the plan
>> that you are currently following.
>>
>> In the tradition of "the XY problem": if you will describe the thing
>> that you want to achieve, instead of just a part of the current thing
>> that you are doing to attempt to achieve it, then it may be that someone
>> can suggest a way to achieve it.
>>
>> I do see a later mail that has some more details; but on first glance
>> it seems to be describing your current solution, rather than the problem.
>>
>> Cheers,
>>
>>         f
>> --
>> Francis Daly        francis at daoine.org
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> https://mailman.nginx.org/mailman/listinfo/nginx
>>
> --
> Payam Tarverdyan Chychi
>
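
The options discussed in this thread, sketched as an nginx configuration. This is an added example, not part of any message above and not the poster's configuration; the server name, document root, address range, the `/_session_check` location and the validation backend at 127.0.0.1:9000 are constructed placeholders.

```nginx
# Added example: all addresses and the /_session_check endpoint are assumptions.
server {
    listen 80;
    server_name example.test;

    # Public page whose HTML contains <iframe src="/asrxxxx">.
    location /carrier_00163e1bb23c {
        root /var/www/html;
    }

    # The variant that returns 404: "internal" admits only internal
    # redirects and subrequests, and the browser fetches the iframe src
    # as an ordinary client request.
    #
    # location /asrxxxx {
    #     internal;
    # }

    location /asrxxxx {
        # Allow the request if EITHER the address ACL or the session check passes.
        satisfy any;

        # Address ACL (the "ACL at nginx level" option).
        allow 10.0.0.0/8;
        deny  all;

        # Session check (the authentication/authorization option).
        # Needs ngx_http_auth_request_module compiled in.
        auth_request /_session_check;

        root /var/www/html;
    }

    # Subrequest target: a 2xx reply allows the request, 401 or 403 denies it.
    # Here "internal" is appropriate, since only nginx itself calls this location.
    location = /_session_check {
        internal;
        proxy_pass http://127.0.0.1:9000/validate;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
    }
}
```

Either control applies to every request for `/asrxxxx`, whether it comes from the iframe or from a URL typed into the address bar; nginx cannot tell the two apart.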