How to manage dynamic url's ?
Skip to first unread message
stepha...@digimind.com
Dec 3, 2012, 5:33:50 AM12/3/12
to naxsi-...@googlegroups.com
Hi list,
I got the following problem : my SaaS application provide a per-customer URL (http://website/customer_alias/... or http://website/webapp/customer/...)
I cannot use a regexp in the rules as it's not supported (ie http://website/[a-zA-Z0-9]*/...)
For the moment the only solution I find is to duplicate the same ruleset for each customer, then use nginx location to use the correct rule :
I got the following problem : my SaaS application provide a per-customer URL (http://website/customer_alias/... or http://website/webapp/customer/...)
I cannot use a regexp in the rules as it's not supported (ie http://website/[a-zA-Z0-9]*/...)
For the moment the only solution I find is to duplicate the same ruleset for each customer, then use nginx location to use the correct rule :
location /customer1 {
...
include "/etc/nginx/customer1.rules";
...
}
location /customer2 {
...
include "/etc/nginx/customer2.rules";
...
}
It should work but as we're talking about hundred of customer, it will be a mess to manage.
And I'm not sure this will not have perfomances impact on nginx.
Anybody got an idea on a simplier way to workaround the problem ?
Thanks
Didier C.
Dec 4, 2012, 3:02:21 AM12/4/12
to naxsi-...@googlegroups.com
Hi,
If you can't factorize on NAXSI rules because websites are behaving differently then your problem is only how to ease hundreds of websites management.
First you can use Nginx include statement so you can include dites-enabled.d directory structure like in Apache. Meaning you can have a single location file for every virtualhost and ease its maintenance together with your configuration management system.
Cheers
Didier
bui
Dec 4, 2012, 5:12:59 AM12/4/12
to naxsi-discuss
Hi Stephane,
To manage various dynamic URLs, if you want to apply the same rules for different url groups, you can use nginx locations that DO support regex.
Please find an exemple here :
stepha...@digimind.com
Dec 4, 2012, 5:51:42 AM12/4/12
to naxsi-...@googlegroups.com
Yes i've already read this great article, but for me it's the rules which are different (url's changing for each customer)
stepha...@digimind.com
Dec 4, 2012, 5:59:42 AM12/4/12
to naxsi-...@googlegroups.com, didier.co...@googlemail.com
@Didier : Yes it's what I'm going to do : one vhost/rules files per customer, and a bash script to generate new customer's files.
What i'm afraid of is the nginx performances to manage all these locations
What i'm afraid of is the nginx performances to manage all these locations
bui
Dec 4, 2012, 5:59:55 AM12/4/12
to naxsi-discuss
Hello,
Can you please try to provide us a more detailed example with explanation ?
Best regards,
bui
Dec 4, 2012, 6:00:20 AM12/4/12
to naxsi-discuss, Didier C.
Hello,
Multiple locations shouldn't be an issue !
stepha...@digimind.com
Dec 4, 2012, 8:05:24 AM12/4/12
to naxsi-...@googlegroups.com, stepha...@digimind.com
Here is an example of similar rules for 2 differente customers :
CUSTOMER1
BasicRule wl:1000 "mz:$URL:/CUSTOMER1/headers/wnf.asp|$ARGS_VAR|NAME"; BasicRule wl:1000 "mz:$URL:/core/CUSTOMER1/fulltextsearch/main.do|$ARGS_VAR|NAME";
CUSTOMER2
BasicRule wl:1000 "mz:$URL:/CUSTOMER2/headers/wnf.asp|$ARGS_VAR|NAME"; BasicRule wl:1000 "mz:$URL:/core/CUSTOMER2/fulltextsearch/main.do|$ARGS_VAR|NAME";
So rules will always be the same except the customer alias name.
I'll do the 1 location per customer solution, don't see other way to do it.
Thanks for your advices !
Reply all
Reply to author
Forward
0 new messages