Issue
I have an Nginx and I need to allow access to Specific Methods for Specific URLs, what's more, is that these URLs contain Regex.
The requirements are as below:
/bill/<SOME_NUMBER_THAT_CHANGES>/verify --> GET & POST only
/bill/ipn/<SOME_STRING_THAT_CHANGES> --> POST only
My current configurations that don't work are as below:
server {
server_name foo.example.com;
location ~ ^/bill/([0-9]+)/verify {
limit_except GET POST {
deny all;
}
proxy_pass http://app:<PORT>/$1;
proxy_set_header X-Real-IP $remote_addr;
}
location ~ ^/bill/ipn/([A-Za-z0-9]+) {
limit_except POST {
deny all;
}
proxy_pass http://app:<PORT>/$1;
proxy_set_header X-Real-IP $remote_addr;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
For instance, whenever I try to curl
foo.example.com/bill/540/verify
, it returns 404 not found
.
I've used the following links to create the above config:
- "proxy_pass" cannot have URI part in location given by regular expression
- Nginx to allow only POST requests for certain URL's
- https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_except
Question: Any idea how to achieve this?
Any help is appreciated, thanks in advance.
Solution
Okay, I figured it out:
server {
server_name foo.example.com;
location ~ ([0-9]+)\/verify(\?status=.*)* {
rewrite ([0-9]+)\/verify(\?status=.*)* /bill/$1/verify$2 break;
proxy_pass http://app:<PORT>;
proxy_set_header X-Real-IP $remote_addr;
limit_except GET POST {
deny all;
}
}
location /bill/ipn {
limit_except POST {
deny all;
}
proxy_pass http://app:<PORT>;
proxy_set_header X-Real-IP $remote_addr;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
The trick was capturing the parts I wanted and then passing them as variables such as $1, $2, ...
in the rewrite
section.
I used This regex builder in PCRE flavor since it was mentioned in Nginx docs to make sure my regex is correct.
Answered By - Skipper Answer Checked By - Marie Seifert (WPSolving Admin)