Nginx to allow only POST requests for certain URL's - nginx

I have an application which will be served using GET & POST method's. For better security, I have configured Nginx to serve the pages using only POST requests. Below is the config I have used in Nginx.
Config in Nginx:
if ($request_method !~ ^(POST)$ ){
return 404; }
This is working perfectly.
Now, I wanted to change above configuration in Nginx to serve certain pages with both GET & POST requests. But, I am unable to do it.
I have used lot of combinations, but no luck.
Can some one please help me in configuring nginx for the same.
Below is my Nginx configuration file.
Note: I am using Nginx (at front end) as a webserver and apache (at back end) for serving application. I have configured nginx to redirect the web pages requested to apache successfully.
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 8081;
server_name localhost;
#charset koi8-r;
access_log /logs/host.access.log;
location /WebGoat {
#root html;
#index index.html index.htm;
proxy_pass http://localhost:8080/WebGoat/;
}
location /application { ##sample project
#root html;
#index index.html index.htm;
if ($request_method !~ ^(POST)$){
return 404;
}
proxy_pass http://localhost:8080/application/;
}
location ~ ^register\.html {##register.html page should be served with GET & POST requests
if ($request_method !~ ^(GET|POST)$){
return 500;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
Thanks in Advance,
Sandeep

I would write something like this:
location /application {
proxy_pass http://<host>;
limit_except POST {
deny all;
}
}
## Below three pages should be served with GET & POST
location ~ ^/application/(RegisterServet|pd|LoginServlet)$ {
proxy_pass http://<host>;
}
Changes:
There is almost no reason to write limit_except GET POST. A don't think that it's important to you to forbid OPTIONS request to these addresses.
Do you really want to allow urls like /APPLICATION/Pd/? I don't think so, and I've changed ~* to ~.
Removed path parts from proxy_pass, so nginx will proxy original path.
Removed named location.

Easy way to allow only required request methods
if ($request_method !~ ^(GET|HEAD)$ ) {
return 444;
}

Related

Is it possible to specify an uri in Nginx proxy_pass?

I have a question, is it possible to specify a URI in the Nginx proxy_pass directive?
I currently host two websites on my windows server on a lan network that are set up and accessible via nginx. But I have one problem. One of these sites, which is hosted at my home, needs to specify a uri, because it is not possible to reach it via the normal ip address that I have set in nginx.
To be specific, a subdomain "emfavm.emfasandbox.tk" is reverse proxyed to lan ip "192.168.1.106" by using proxy_pass. I can get to this page using this ip address, but I need to specify the uri, something like this: "https://192.168.1.106/some/uri". I host these pages on another virtual server. When I put this uri as above in proxy_pass in nginx.conf, and I connect to the domain "emfavm.emfasandbox.tk", it gives me an error "bad request, your browser sent a request that this server could not understand"
Here is my nginx.conf:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 64;
include mime.types;
default_type application/octet-stream;
#=============== HERE IS THE CONF WITH THE HOSTED WEBISTES ======================
include C:/Users/Administrator/Desktop/nginx/conf/sites-enabled/*.conf;
#================================================================================
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
And this is the conf with the website in C:/nginx/sites-enabled/emfavm.conf
server {
listen 80;
server_name emfavm.emfasandbox.tk;
location / {
proxy_pass https://192.168.1.106/#/?username=www.emfasandbox.tk&password=emfasandbox/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Thanks for any help :)
Maybe you can try to change https to http in C:/nginx/sites-enabled/emfavm.conf

Nginx configuration Issue

I am using nginx-1.10.3 as a load balancer. In my architecture, I have two servers-
Hostname - sal15062hkb152, IP Address - 172.15.54.116
Hostname - sal15062hkb184, IP Address - 172.15.54.105
I want both should work in active-passive mode with nginx. My application is running on both servers and client can access my application using URL -
https://sal15062hkb152/views or https://sal15062hkb184/views
My nginx.conf is -
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name sal15062hkb152;
#http://sal15062hkb152/oneview/;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
server {
listen 443 ssl;
server_name sal15062hkb152;
#ssl_certificate cert.pem;
#ssl_certificate_key cert.key;
ssl_certificate iperspective.crt;
ssl_certificate_key iperspective.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root http://oneview;
index index.html index.htm;
}
}
}
I am trying to access https://sal15062hkb152/views but I am getting "404 Not Found" in browser. I believe, my nginx.conf file configuration is not correct. Please let me know proper configuration for my nginx.conf file. Thanks
Add a default virtual server for 80 and 443 otherwise specific configurations wont work.
server {
listen 80;
server_name _; # for every server without specific configuration
return 404; # doesnt matter
}
server {
listen 443;
server_name _; # for every server without configuration
return 404; # doesnt matter
}
Edit: By the way when you got the stuff working, I highly recommend you to have a look at this documentation about secure ssl configuration.
They are based on this article.

http://localhost/phpmyadmin/index.php "No input file specified." nginx Windows Server 2012 php 7

I am trying to setup the nginx server at Windows Server 2012. The problem that I am facing: When I try to access or http://localhost/phpmyadmin/index.php or http://localhost/test.php I receive the message "No input file specified." at nginx Windows Server 2012 php 7. The netstat -abn has the port 9000 open and listening :
TCP 127.0.0.1:9000 0.0.0.0:0 LISTENING
[php-cgi.exe]
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
[nginx.exe]
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING
[mysqld.exe]
The nginx folder is C:\nginx and inside there is C:\nginx\html & C:\nginx\html\phpmyadmin and c:\nginx\php\ folders with all necessary files.
nginx.conf:
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /nginx/html;
index index.php index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ .php$ {
root html;
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME html/$fastcgi_script_name;
include fastcgi_params;
}
location /phpmyadmin {
root html/phpmyadmin/index.php;
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
index index.php;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
Please can anyone help me? What do I need to change to the conf or ini files or what else is wrong with my setup?
You have multiple problems with your configuration.
You have a common document root, so you should place one root directive in the server block which is then inherited by all location blocks.
The "No input file specified" error message means that SCRIPT_FILENAME is missing or wrong.
The location /phpmyadmin block is unnecessary and should be removed.
In summary, try this:
server {
listen 80;
server_name localhost;
root /nginx/html;
location / {
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location ~ \.php$ {
include fastcgi.conf;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ /\.ht {
deny all;
}
}
A useful resource for nginx documentation is here.

ArchLinux + nginx + Passenger Rails app always pointing to localhost

This is my first time using Arch based Linux environment (Manjaro Linux), and also Nginx.
I installed Nginx, opened http://localhost and it showed the standard Welcome to Nginx page.
Then I created 2 folders:
/etc/nginx/sites-available
etc/nginx/sites-enabled
In sites-available, I created a conf file named iima, with following data:
server {
listen 80;
server_name iima.merged.localhost;
passenger_enabled on;
location / {
root /home/path/redacted/public;
}
}
and then created a symbolic link:
sudo ln -s /etc/nginx/sites-available/iima /etc/nginx/sites-enabled/iima
Then in the /opt/nginx/conf/nginx.conf, I added:
include /etc/nginx/sites-enabled/*;
In the /etc/hosts, I added the following line at the end of the file:
127.0.0.1 iima.merged.localhost iima.merged.localhost
# I also tried below line while removing above line
127.0.0.1 iima.merged.localhost
Restarted the nginx server using sudo systemctl restart nginx (also tried with reload), but typing iima.merged.localhost always points to localhost page.
Am I missing anything? There are no error(s).log created in /var/log/nginx.
EDIT:
Content of /opt/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
passenger_root /home/harsh/.rbenv/versions/1.8.7-p375/lib/ruby/gems/1.8/gems/passenger-4.0.45;
passenger_ruby /home/harsh/.rbenv/versions/1.8.7-p375/bin/ruby;
include mime.types;
include /etc/nginx/sites-enabled/*;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
# server_name_in_redirect off;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}

Nginx Wordpress

I am currently trying to get my Nginx+Mysql+Wordpress work on Fedora 18 x64.
Did the following manual http://www.tecmint.com/install-wordpress-using-lamp-or-lemp-on-rhel-centos-fedora/ but nothing seems to work.
Default Nginx greeting is still displayed at localhost:80.
Should i provide some configuration files as examples?
Please help i am really lost. Google'd everything, reading official Nginx manuals atm.
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /usr/local/etc/nginx/sites-enabled/*;
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /srv/www/wordpress/public_html;
index index.php index.html;
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
root /usr/share/nginx/html;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
Below is my nginx config for one of my Wordpress sites, minus the domain name and IP address, of course... I built this one using many references online, and it seems to work pretty well.
server {
listen <ip-address>;
server_name domain.com;
rewrite ^(.*) $scheme://www.domain.com$request_uri? permanent;
}
server {
listen <ip-address>;
server_name www.domain.com;
root /www/domain.com/public_html;
access_log /www/domain.com/logs/access.log;
error_log /www/domain.com/logs/error.log;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
index index.html index.htm index.php;
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
if ($uri !~ "^/images/") {
fastcgi_pass unix:/var/run/php-fastcgi/php-fastcgi.socket;
}
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /www/domain.com/public_html$fastcgi_script_name;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}

Resources