Preventing args other than list

Hi list,

We have an upstream server that can accept many different parameters. Most
query string parameters can be predefined in the backend itself but some cannot
because they are unpredictable.

We’d like to configure our proxy so as to only allow a set of parameters that we
want to define in Nginx. Configuring the list in a map seems easy, but comparing
it to the actual query parameters seems hard.

I know how I can test on availability of parameters by using $args_PARAMETER
and the if directive. But just as in the backend, we want to invert the
list. We need to define what IS allowed, not what ISN’T allowed.

Any suggestions on how to proceed?

Cheers,


Markus J. - CTO - Openindex
http://www.linkedin.com/in/markus17
050-8536600 / 06-50258350

----- Markus J. wrote:

> I know how I can test on availability of parameters by using $args_PARAMETER
> and the if directive. But just as in the backend, we want to invert the
> list. We need to define what IS allowed, not what ISN’T allowed.
>
> Any suggestions on how to proceed?

The only solution I know that doesn’t require low level coding is built-in
perl.


Regards,
Valery K.

I see, thanks for the suggestion. We’ll consider it!

On Monday, October 11, 2010 06:08:09 pm Valery K. wrote:

> > I know how I can test on availability of parameters by using
> > $args_PARAMETER and the if directive. But just as in the backend, we
> > want to invert the list. We need to define what IS allowed, not what
> > ISN’T allowed.
> >
> > Any suggestions on how to proceed?
>
> The only solution I know that doesn’t require low level coding is built-in
> perl.


Markus J. - CTO - Openindex
http://www.linkedin.com/in/markus17
050-8536600 / 06-50258350

Hello!

On Mon, Oct 11, 2010 at 05:08:09PM +0100, Valery K. wrote:

> > it to the actual query parameters seems hard.
> >
> > I know how I can test on availability of parameters by using $args_PARAMETER
> > and the if directive. But just as in the backend, we want to invert the
> > list. We need to define what IS allowed, not what ISN’T allowed.
> >
> > Any suggestions on how to proceed?
>
> The only solution I know that doesn’t require low level coding is built-in perl.

I believe appropriate checks may be easily written with regexp,
e.g. this one will allow only arg1 and arg2 arguments:

    # reject any query string that contains arguments other than arg1 and arg2
    if ($args !~ "^(((arg1|arg2)=[^&;]*)([&;]+((arg1|arg2)=[^&;]*))*)?$") {
        return 403;
    }

("?:" omitted for clarity)

The only downside is that it uses “if”, which is known to be evil
(If is Evil… when used in location context | NGINX). Though this one is safe even in
location context as it uses “return”.

Maxim D.
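
Added example (not part of any message in this thread): a Python sketch that rebuilds the allowlist pattern from the message above for a list of parameter names and reports which raw query strings the check passes or rejects. Python's `re` stands in for nginx's regex matching here; the function names and the sample query strings are constructed for illustration.

```python
import re

def build_allowlist_regex(allowed):
    """Rebuild the thread's pattern for any list of parameter names."""
    names = "|".join(re.escape(name) for name in allowed)
    pair = rf"(?:{names})=[^&;]*"
    # Empty query string, or allowed name=value pairs split by & or ;
    return re.compile(rf"^(?:{pair}(?:[&;]+{pair})*)?$")

def status_for(args, pattern):
    """Mimic `if ($args !~ ...) { return 403; }` on the raw query string."""
    return 200 if pattern.search(args) else 403

PATTERN = build_allowlist_regex(["arg1", "arg2"])

# Constructed query strings the check lets through to the upstream.
PASSING = [
    "",                      # no query string at all
    "arg1=a",
    "arg1=a&arg2=b",
    "arg2=b;arg1=a",         # ';' is treated as a separator too
    "arg1=a&&arg2=b",        # repeated separators are tolerated
    "arg1=",                 # empty value
    "arg1=a%26debug=1",      # encoded '&' stays inside arg1's value
]

# Constructed query strings the check answers with 403.
REJECTED = [
    "arg1=a&debug=1",        # unlisted parameter
    "arg10=a",               # name merely starts with an allowed name
    "arg1",                  # allowed name without '='
    "arg1=a&",               # trailing separator
    "%61rg1=a",              # $args is not URL-decoded, so this fails closed
    "ARG1=a",                # '!~' is case-sensitive
]

def run_samples():
    """Return {query string: status} for every sample above."""
    return {q: status_for(q, PATTERN) for q in PASSING + REJECTED}

if __name__ == "__main__":
    for query, status in run_samples().items():
        print(status, repr(query))
```
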

Ah yes, using a regex didn’t come to mind. We’ll check if it works.

Thanks!