Hello,
I am using basic auth + $remote_user variable send to the back-end
application to change context depending on the logged-in user.
The thing is, even if the page rendered by the back-end uses nginx user
authentication, resources from a directory are still allowed for
everyone.
My 'documents' directory is sorted as follows:
documents/
abc/ --> stores content for user 'abc'
def/ --> stores content for user 'def'
...
I tried the following:
location ^~ /documents/(\w+) {
if ($1 != $remote_user) {
return 503;
}
}
But Nginx refuses to validate configuration:
nginx: [emerg] unknown "1" variable
nginx: configuration file /etc/nginx/nginx.conf test failed
Does the 'if' directive have an environment isolated for the on of the
'location' directive?
Am I using wrong syntax?
Is there a 'IfIsEvil' case corresponding to my needs to avoid the use of
the 'if' directive?
Thanks,
---
*B. R.*
on 2013-02-28 23:38
on 2013-03-10 10:30
I'll answer to my own question there: Apparently, yes, evaluating something with the 'if' directive doesn't propagate the environment containing the variables from the 'location' directive. All explained on StackOverflow<http://stackoverflow.com/questions/10876252/nginx-... . The *incorrect* way: location ^~ /documents/(\w+) { if ($1 != $remote_user) { return 503; } } *--> $1 variable is unknown* The *correct* way: location ^~ /documents/(\w+) { set $user $1; if ($user != $remote_user) { return 503; } } Although the syntax is now OK and the configuration is able to be reloaded, it doesn't seem to work at all... When connecting with the user 'abc', I am still able to access /documents/def/mydoc.txt. What's wrong with my way of restricting access? Thanks for any help, --- *B. R.*
on 2013-03-10 11:47
On Sun, Mar 10, 2013 at 05:29:18AM -0400, B.R. wrote: Hi there, > The *correct* way: > location ^~ /documents/(\w+) { > set $user $1; > if ($user != $remote_user) { > return 503; > } > } > > Although the syntax is now OK and the configuration is able to be reloaded, > it doesn't seem to work at all... I haven't tested the "if" part; but in this case it's mostly likely that this location{} block is not being used at all. Your configuration is syntactically correct, so nginx can load it. But it is not semantically correct, as in "it does not mean what you want it to mean". http://nginx.org/r/location "^~" does not mean "this is a regex location" f -- Francis Daly francis@daoine.org
on 2013-03-10 20:16
Hello, Thanks for that... I thought the ^~ was meaning 'starting with regex'... My bad! I changed the symbol for some of the ones relly meaning 'regex' (~*) and it works! :o) If there is no better way than sticking with 'if', then it's all good. Thanks again, problem solved, --- *B. R.*
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.