Cookie and source IP logic in server block

Hello,

I’m trying to block certain IP ranges at my nginx server, but would like
to
offer the ability to bypass the block by completing a back-end CAPTCHA,
which would set a cookie.

Currently I set the block like so:

geo $remote_addr $blocked {
default 0;
include /etc/nginx/conf/nginx-blocked-ips.conf;
}

…

recursive_error_pages on;
error_page 429 = @banned;
if ($blocked = 1) {
return 429;
}

location @banned {
set $args “”;
rewrite ^ /banned/ ;
}

Since I can’t nest “if” statements and I can’t make a compound check
using
“&&” or “||” or something similar, how can I check both the blocked
variable
and look to see if a cookie is set?

Posted at Nginx Forum:

On Mon, Oct 14, 2013 at 06:16:14PM -0400, sfrazer wrote:

Hi there,

untested, but…

geo $remote_addr $blocked {
default 0;
include /etc/nginx/conf/nginx-blocked-ips.conf;
}

map $blocked$cookie_whatever $reallyblocked {
default 0;
1 1;
}

If it is blocked by geo, and has no cookie_whatever, then $reallyblocked
is 1. If it has any value for cookie_whatever, or $blocked is not 1,
then $reallyblocked is 0.

f

Francis D. [email protected]

Thanks! I wasn’t aware you could combine variables like that in a map
statement. handy.

Posted at Nginx Forum: