nginx location match on ssl_client_verify

tribal star

I'm trying to setup nginx to match certain URLs on servers granted conditional access (ie, only servers with valid client certificates can access the zone).

Currently, simple location blocking works well to prevent access by unauthorized users:

location ~ ^/protected/ticketing {
         if ($ssl_client_verify != SUCCESS) { return 401; }
#need treatment of php files here after SUCCESS = $ssl_client_verify ?!
}

So no one can access /protected/ticketing/anyThingHere

but. This return 401 is not triggered when you actually present a valid certificate, the upstream FPM server does not resolve /protected/ticketing/index.php, but serves it up for download (ie, sets the content-disposition to the default eight-bit bitstream).

Is there an elegant way to do this?

My upstream is defined as:

upstream backend {
server unix:/var/run/php5-fpm.sock;
}

PHP handler location block:

location ~ [^/]\.php(/|$) {
 fastcgi_split_path_info ^(.+?\.php)(/.*)$;
 if (!-f $document_root$fastcgi_script_name){return 404;}
 fastcgi_pass backend; #pass request to the upstream
 fastcgi_index index.php;
 include fastcgi_params;
}
tribal star

I ended up with a nested positional solution. It's dirty and I'm sure there must be a better solution than this.

location ~ [^/]\.php(/|$) {
# 
#... other PHP related settings 
#... other PHP related settings 
#

fastcgi_pass backend;

location ~ ^/protected/ticketing {
        #check X.509
        if ($ssl_client_verify != SUCCESS) {return 401;}

fastcgi_pass backend; #this was still mandatory even though parent (.php) block already had this directive, but w/o putting pass here PHP won't get interpreted?!

}

}

Related

nginx location match on ssl_client_verify

tribal star I'm trying to setup nginx to match certain URLs on servers granted conditional access (ie, only servers with valid client certificates can access the zone). Currently, simple location blocking works well to prevent access by unauthorized users: loc

nginx location match on ssl_client_verify

tribal star I'm trying to setup nginx to match certain URLs on servers granted conditional access (ie, only servers with valid client certificates can access the zone). Currently, simple location blocking works well to prevent access by unauthorized users: loc

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx does not match location

Petty Ilamicciolo La Cotoniana Can anyone tell me why this ngnix config doesn't match all URLs starting with /admin: location /admin { alias {{path_to_static_page}}/admin/build/; try_files $uri $uri/ /index.html; } It always goes back

Nginx `location/` does not match `/some_path`

VB_ Help me please configure nginx: I want nginx to return index.htmlall URLs like 10.10.256.142/that 10.10.256.142/some_pathas well 10.10.256.142/other_path/lala. Problem: Currently index.htmlonly the URL is returned .10.10.256.142/ my current settings listen

How to match # characters in url in nginx by location directive

Somedev How to use location directive to match # character in url? I understand we can use regex (PCRE) but their documentation says: The location directive only tries to match from the first/to the first of the hostname? previous match. or #. (In that scope,

Nginx `location/` does not match `/some_path`

VB_ Help me please configure nginx: I want nginx to return index.htmlall URLs like 10.10.256.142/that 10.10.256.142/some_pathas well 10.10.256.142/other_path/lala. Problem: Currently index.htmlonly the URL is returned .10.10.256.142/ my current settings listen

Match in Nginx location returns empty $1 although redirect works

Alessandro Maselli I'm new to Nginx and I need to permanently redirect URLs like this: https://www.mywebsite.ext/mars/2015/mypage.php?foo=1&bar=0 to another like this: https://www.mywebsite.ext/earth?year=2015&foo=1&bar=0 The location directive I'm trying to

How to define location regex match block in nginx.conf

Avner Moshkovitz I have a webapp with nginx that I want to configure (inside a docker container: webserver_nginx_1). .html code structure: admin_view_groups.html expands layout.html (via jinja2) admin_view_groups.html, load main.js through layout.html I want t

Why does a simple NGINX exact location match fail?

Mattia I'm trying to use NGINX to route requests without a path (eg http://example.com/or ) to a specific html file using this configuration (this is just the relevant part in the server configuration):http://example.com root $root; location = / { index i

Match in Nginx location returns empty $1 although redirect works

Alessandro Maselli I'm new to Nginx and I need to permanently redirect URLs like this: https://www.mywebsite.ext/mars/2015/mypage.php?foo=1&bar=0 to another like this: https://www.mywebsite.ext/earth?year=2015&foo=1&bar=0 The location directive I'm trying to

How to define location regex match block in nginx.conf

Avner Moshkovitz I have a webapp with nginx that I want to configure (inside a docker container: webserver_nginx_1). .html code structure: admin_view_groups.html expands layout.html (via jinja2) admin_view_groups.html, load main.js through layout.html I want t

Why does a simple NGINX exact location match fail?

Mattia I'm trying to use NGINX to route requests without a path (eg http://example.com/or ) to a specific html file using this config (this is just the relevant part in the server config):http://example.com root $root; location = / { index index.html;

How to define location regex match block in nginx.conf

Avner Moshkovitz I have a webapp with nginx that I want to configure (inside a docker container: webserver_nginx_1). .html code structure: admin_view_groups.html expands layout.html (via jinja2) admin_view_groups.html, load main.js through layout.html I want t

Why does a simple NGINX exact location match fail?

Mattia I'm trying to use NGINX to route requests without a path (eg http://example.com/or ) to a specific html file using this config (this is just the relevant part in the server config):http://example.com root $root; location = / { index index.html;

Match in Nginx location returns empty $1 although redirect works

Alessandro Maselli I'm new to Nginx and I need to permanently redirect URLs like this: https://www.mywebsite.ext/mars/2015/mypage.php?foo=1&bar=0 to another like this: https://www.mywebsite.ext/earth?year=2015&foo=1&bar=0 The location directive I'm trying to

How to define location regex match block in nginx.conf

Avner Moshkovitz I have a webapp with nginx that I want to configure (inside a docker container: webserver_nginx_1). .html code structure: admin_view_groups.html expands layout.html (via jinja2) admin_view_groups.html, load main.js through layout.html I want t