We’re having an upstream server that can accept many different
parameters. Most
query string parameters can be predefined in the backend itself but some
cannot
because they are unpredictable.
We’d like to configure our proxy as to only allow a set of parameters
that we
want to define in Nginx. Configuring the list in a map seems easy, but
comparing
it to the actual query parameters seems hard.
I know how i can test on availability of parameters by using
$args_PARAMETER
and the if directive. But just as in the backend, we wan’t to inverse
the
list. We need to define what IS allowed, not wat ISN’T allowed.
I know how i can test on availability of parameters by using $args_PARAMETER
and the if directive. But just as in the backend, we wan’t to inverse the
list. We need to define what IS allowed, not wat ISN’T allowed.
Any suggestions on how to procede?
The only solution I know that doesn’t require low level coding is build
in perl.
I see, thanks for the suggestion. We’ll consider it!
On Monday, October 11, 2010 06:08:09 pm Valery K. wrote:
I know how i can test on availability of parameters by using
$args_PARAMETER and the if directive. But just as in the backend, we
wan’t to inverse the list. We need to define what IS allowed, not wat
ISN’T allowed.
Any suggestions on how to procede?
The only solution I know that doesn’t require low level coding is build in
perl.
On Mon, Oct 11, 2010 at 05:08:09PM +0100, Valery K. wrote:
it to the actual query parameters seems hard.
I know how i can test on availability of parameters by using $args_PARAMETER
and the if directive. But just as in the backend, we wan’t to inverse the
list. We need to define what IS allowed, not wat ISN’T allowed.
Any suggestions on how to procede?
The only solution I know that doesn’t require low level coding is build in perl.
I believe apropriate checks may be easily written with regexp,
e.g. this one will allow only arg1 and arg2 arguments:
if ($args !~ “^(((arg1|arg2)=[^&;])([&;]+((arg1|arg2)=[^&;]))*)?$”)
{
return 403;
}