hello, how about logs? does naxisi provide any variables that can be monitored?
so far it seems that your rules in ‘strict|relaxed’ are not triggering, the ‘default’ one will always hit (as expected), as it’s first location ‘/‘ from where you route to other 2 locations. also, try to log in debug mode, may be that will give more insights. br, Aziz. > On 13 Nov 2017, at 21:47, Jean-Paul Hemelaar <hemel...@desikkel.nl> wrote: > > Hi, > > I have updated the config to use 'map' instead of the if-statements. That's > indeed a better way. > The problem however remains: > > - Naxsi mainrules are in the http-block > - Config similar to: > > map $geoip_country_code $ruleSetCC { > default "strict"; > CC1 "relaxed"; > CC2 "relaxed"; > } > > location /strict/ { > include /usr/local/nginx/naxsi.rules.strict; > > proxy_pass http://app-server/; > } > > location /relaxed/ { > include /usr/local/nginx/naxsi.rules.relaxed; > > proxy_pass http://app-server/; > } > > location / { > include /usr/local/nginx/naxsi.rules.default; > > set $ruleSet $ruleSetCC; > rewrite ^(.*)$ /$ruleSet$1 last; > } > > > It's always using naxsi.rules.default. If this line is removed it's not using > any rules (pass-all). > > Thanks so far! > > JP > > > > > > On Mon, Nov 13, 2017 at 2:14 PM, Aziz Rozyev <aroz...@nginx.com> wrote: > At first glance config looks correct, so probably it’s something with naxi > rulesets. > Btw, why don’t you use maps? > > map $geoip_coutnry_code $strictness { > default “strict"; > CC_1 “not-so-strict"; > CC_2 “not-so-strict"; > # .. more country codes; > } > > # strict and not-so-strict locations > > map $strictness $path { > "strict” "/strict/"; > "not-so-strict” "/not-so-strict/“; > } > > location / { > return 302 $path; > # .. > } > > > br, > Aziz. > > > > > > > On 12 Nov 2017, at 14:03, Jean-Paul Hemelaar <hemel...@desikkel.nl> wrote: > > > > T THIS WORKS: > > # include /usr/local/n > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx