Hi

Months ago I was trying to set up an nginx-CAS environment and found this issue (I'll explain below). Now I have found it again, but this time it does not seem so easy to work around.

Scenario:
The client connects to Apache, which forwards to the Apereo CAS server and authenticates the user. Once authenticated, Apache reverse proxies to NGINX with an HTTP header in the request which contains the list of groups the user is a member of.

To sum up: nginx knows the user, has a comma-separated list of groups, and the location the user requested to browse.


In the past event, I had ~200 Group/URLs I wanted to protect, and tried to:

   map $request_method:$http_groups:$request_uri $denied {
   default 1;
   ~^GET:group$group:/$group 0;
   }

Sadly, map does not expand the left side of the statement, so I couldn't do that and ended up doing:

   map $request_method:$http_groups:$request_uri $denied {
   default 1;
   ~^GET:group1:/group1 0;
   ~^GET:group2:/group2 0;
   # ... 200 lines ...
   }

As previously said, today I'm having the same issue, but this time the predefined group list is not known. Actually, a user creates a "chat room" and only users from a specified group list can join.

As I could send this "new list" as a header to nginx: is it possible to compare two nginx variables to check if "$a does not contain $b"?

Actually I'm using regex backreferences to solve it, e.g.: $tmp="$var1:$var2" and $tmp ~ "(.*):\1"

Regards.
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
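
The backreference check from the message above, exercised with Python's `re` module as an added example (not code from the original post); the ANCHORED and STRICT patterns, the group names and the sample values are assumptions constructed for illustration. It shows that `(.*):\1` used as an unanchored match accepts any string containing a colon, that anchoring alone only tests a prefix, and a variant that requires the group to equal one whole comma-separated item.

```python
import re

# Pattern as written in the post, applied as an unanchored match.
POSTED = re.compile(r"(.*):\1")
# Same pattern anchored at the start (assumption, for comparison).
ANCHORED = re.compile(r"^(.*):\1")
# Hardened variant (assumption, not from the post): the required group is
# non-empty, starts the string, and must equal one whole list item.
STRICT = re.compile(r"^([^,:]+):(?:[^:]*,)?\1(?:,|$)")


def allowed(pattern, required_group, user_groups):
    """True if pattern accepts '<required_group>:<user_groups>'."""
    tmp = f"{required_group}:{user_groups}"  # mirrors $tmp="$var1:$var2"
    return pattern.search(tmp) is not None


# Constructed samples: (group required by the room, user's groups, expected)
CASES = [
    ("dev", "ops,dev,qa", True),           # exact member, mid-list
    ("dev", "dev", True),                  # exact member, single item
    ("dev", "developers,ops", False),      # required group is only a prefix
    ("dev", "ops,webdev", False),          # required group is only a suffix
    ("dev", "ops,qa", False),              # not a member at all
    ("", "ops", False),                    # empty required group
]


def evaluate(pattern):
    """Decision of `pattern` for every constructed case, in order."""
    return [allowed(pattern, group, groups) for group, groups, _ in CASES]


if __name__ == "__main__":
    results = zip(CASES, evaluate(POSTED), evaluate(ANCHORED), evaluate(STRICT))
    print(f"{'required':9}{'user groups':16}{'want':6}{'posted':8}{'anchored':10}strict")
    for (group, groups, want), posted, anchored, strict in results:
        print(f"{group!r:9}{groups:16}{want!s:6}{posted!s:8}{anchored!s:10}{strict}")
```

The group can match the empty string, so the unanchored form never denies; the anchored form also rejects a real member whose group is not first in the list.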
