Reputation: 9786
nginx as a reverse proxy to limit http verb access
So I've got an app that uses CouchDB as the backend. Couch doesn't really have it's security/user model in place yet, and by default anyone can do anything (including deleting records and even the entire database). But, if we limit access to only GET requests we're much safer.
I was hoping I could put nginx out front as a reverse proxy, but I can't find an option that lets you filter requests based on the verb coming in. Pound does this so I'm thinking of going that route, but we already use nginx extensively and it would be nice not to have to add another technology in the mix. Anyone know if there's an option that will let this happen?
I'd even settle for a mod_proxy option in Apache. Any ideas?
Upvotes: 7
Views: 3350
Answers (2)
Reputation: 745
Try using the limit_except directive instead. It's better to avoid using if because if is evil.
limit_except GET {
deny all;
}
Upvotes: 17
Reputation: 19385
You can get access to the HTTP request type from the $request_method variable. So:
location / {
if ($request_method = 'GET') {
proxy_pass couchdb_backend;
}
}
Upvotes: 8
Related Questions
- Configure Nginx as reverse proxy for Couchdb
- NGINX: Limit the number of connections to an upstream server
- How can I restrict access to an RESTful API with a nginx reverse proxy server?
- How to restrict ip access in nginx
- Enable reverse proxy and block access to the original port
- Restrict Rest API call from Nginx reverse proxy
- Couchbase Nginx Plugin Module as Reverse Proxy
- Limit nginx requests by http verb
- Restricting direct access to port, but allow port forwarding in Nginx
- Issue with nginx proxy_pass and couchdb