Hello!

On Mon, Oct 11, 2010 at 05:08:09PM +0100, Valery Kholodkov wrote:

>
> ----- Markus Jelsma <markus.jelsma@openindex.io> wrote:
> > Hi list,
> >
> > We're having an upstream server that can accept many different parameters. Most
> > query string parameters can be predefined in the backend itself but some cannot
> > because they are unpredictable.
> >
> > We'd like to configure our proxy as to only allow a set of parameters that we
> > want to define in Nginx. Configuring the list in a map seems easy, but comparing
> > it to the actual query parameters seems hard.
> >
> > I know how i can test on availability of parameters by using $args_PARAMETER
> > and the if directive. But just as in the backend, we wan't to inverse the
> > list. We need to define what IS allowed, not wat ISN'T allowed.
> >
> > Any suggestions on how to procede?
>
> The only solution I know that doesn't require low level coding is build in perl.

I believe apropriate checks may be easily written with regexp,
e.g. this one will allow only arg1 and arg2 arguments:

if ($args !~ "^(((arg1|arg2)=[^&;]*)([&;]+((arg1|arg2)=[^&;]*))*)?$") {
return 403;
}

("?:" omitted for clarity)

The only downside that it uses "if", which is known to be evil
(http://wiki.nginx.org/IfIsEvil). Though this one is safe even in
location context as it uses "return".

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx