Welcome! Log In Create A New Profile

Advanced

Configure NGINX to deny web socket connections except for certain paths

April 01, 2020 09:10AM
This will sound a little odd, but we have an NGINX reverse proxy acting as an SSL termination point for a remote desktop web gateway from Microsoft.

Currently, the primary Web Client ingress point is protected by SSL Client Certificates - you must have a valid SSL CLient Certificate to get to the web component.

However, RDWeb from Microsoft still has to establish WSS connections (`wss://...`) to the RD Gateway component - a separate server. The tricky part about this is it uses *only* `wss`. This works fine if the web frontend is open to all, but we want to restrict it so that only one WSS pathway can actually be used and no other WSS requests work.

When attempting to make this work, we've been trying various configurations of location matching ultimately ending with the WSS connections all failing except when passed through directly WITHOUT any restrictions (that is, `location / { ... }` is globally permitted for the gateway component.)

Is there a way to configure NGINX so that it tests the requested wss path *first* before it hands off to the backend, thereby determining if it's permitted or rejected?
Subject Author Posted

Configure NGINX to deny web socket connections except for certain paths

teward April 01, 2020 09:10AM

Re: Configure NGINX to deny web socket connections except for certain paths

teward April 01, 2020 09:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 72
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready