at least you’re missing or (|) operator between > TRUSTED_CC_2 and TRUSTED_CC_3
br, Aziz. > On 12 Nov 2017, at 14:03, Jean-Paul Hemelaar <[email protected]> wrote: > > Hi! > > I'm using Nginx together with Naxsi; so not sure it this is the correct place > for this post, but I'll give it a try. > > I want to configure two detection thresholds: a strict detection threshold > for 'far away countries', and a less-strict set > for local countries. I'm using a setup like: > > location /strict/ { > include /usr/local/nginx/naxsi.rules.strict; > > proxy_pass http://app-server/; > } > > location /not_so_strict/ { > include /usr/local/nginx/naxsi.rules.not_so_strict; > > proxy_pass http://app-server/; > } > > location / { > # REMOVED BUT THIS WORKS: > # include /usr/local/nginx/naxsi.rules.not_so_strict; > set $ruleSet "strict"; > if ( $geoip_country_code ~ (TRUSTED_CC_1|TRUSTED_CC_2TRUSTED_CC_3) ) { > set $ruleSet "not_so_strict"; > } > > rewrite ^(.*)$ /$ruleSet$1 last; > } > > location /RequestDenied { > return 403; > } > > > The naxsi.rules.strict file contains the check rules: > CheckRule "$SQL >= 8" BLOCK; > etc. > > For some reason this doesn't work. The syntax is ok, and I can reload Nginx. > However the firewall never triggers. If I uncomment the include in the > location-block / it works perfectly. > Any idea's why this doesn't work, or any better setup to use different > rulesets based on some variables? > > Thanks, > > JP > > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
