Welcome! Log In Create A New Profile

Advanced

Drupal cron.php access control.

António P. P. Almeida
August 17, 2010 04:24PM
Hello,

I'm settign an access control for Drupal cron.php that is invoked via
a cron job.

I tried two approaches and both seem to work

1. Use the Access module and specify the allowed host.

location /cron.php {
deny all;
allow 127.0.0.1;
allow 192.168.1.0/24;
fastcgi_pass 127.0.0.1:9000;
}

2. Use a conditional.

location /cron.php {
if ($remote_adrr ~* (192\.168\.1\.(1|2)|127\.0\.0\.1)) {
fastcgi_pass 127.0.0.1:9000;
}
return 404;
}

Travelling down the somewhat dubious path of security by obscurity I
find that returning 404 revals less than a 403.

But I'm aware that it's a pretty scant justification for using a
conditional. In terms of efficiency which approach is preferred?

BTW I tried to use a non-capturing group but if failed. It always
returned the 404. I tried this:

location /cron.php {
if ($remote_adrr ~* (?:192\.168\.1\.(?:1|2)|127\.0\.0\.1)) {
fastcgi_pass 127.0.0.1:9000;
}
return 404;
}

I suppose libpcre3 implements all of PCRE, including non-capturing
groups. Is this a limitation of nginx regex handling? Or I'm I
misundertanding something more fundamental in what nginx conditionals
and regex handling is concerned?

Thank you,
António

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Drupal cron.php access control.

António P. P. Almeida August 17, 2010 04:24PM

Re: Drupal cron.php access control.

Maxim Dounin August 17, 2010 07:54PM

Re: Drupal cron.php access control.

António P. P. Almeida August 18, 2010 09:18AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 351
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready