Nginx as a reverse proxy to restrict access to the http-verb

Question

Nginx as a reverse proxy to restrict access to the http-verb

So, I have an application that uses CouchDB as a backend. Couch doesn't really have a security / user model, and by default, anyone can do anything (including deleting records and even the entire database). But, if we restrict access only to GET requests, we are much safer.

I was hoping I could port nginx to the front as a reverse proxy, but I cannot find an option that allows me to filter requests based on the verb that comes in. The pound does this, so I’m thinking about going this route, but we are already using nginx extensively, and it would be nice not to add new technology to the mix. Does anyone know if there is an option that will allow this to happen?

I would even agree on the mod_proxy option in Apache. Any ideas?

+7

rest couchdb proxy nginx

Rob cameron Jan 27 '10 at 22:18

source share

2 answers

Try using the limit_except directive instead. It is better to avoid using if , because if it is evil .

 limit_except GET { deny all; }

Link

+14

Mike johnson Oct 19 '11 at 18:00

source share

Phillip b oldham · Accepted Answer · 2010-02-08T10:10:20+0000

You can access the HTTP request type from the $request_method variable. So:

 location / { if ($request_method = 'GET') { proxy_pass couchdb_backend; } }

Nginx as a reverse proxy to restrict access to the http-verb

More articles: