Discover Centmin Mod today
Register Now

Nginx nginx configuration question

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Oxide, May 8, 2015.

Tags:
  1. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:12 PM
    if ($http_cookie ~ "TPFR=$CSVariable") {
    return 403;
    }

    Anyone here have any idea why this will not work? I am trying to check if $CSVariable cookie is set. For some reason, it's not working properly..

    perhaps i cant just paste a variable there inside a if rule..?


    this works fine:

    if ($l7_protect = 0) {
    add_header Set-Cookie "TPFR=$CSVariable;Path=/";
    }
    sucecsfully stores cookie, but the check is failing (perhaps its checking for $CSVariable instead of the actual variable text
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,672
    Local Time:
    12:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Last edited: May 8, 2015
  3. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:12 PM
    Yeah I've tried there.

    set_sha1 $SHAIP test;

    if ($http_cookie ~ "EXAMPLE=$SHAIP") {

    Any idea why this won't work? It won't let me put variable there for some reason. How can I do this?

    Basically I want the "if http cookie".. Check if the sha1'd cookie is legit, i am hashing the cookie then checking if its legit/set.
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,488
    12,130
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,672
    Local Time:
    12:12 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    AFAIK, you can't use variables from right side of =. Where are you sourcing the info and instructions you are trying to follow for this ? Got links ?

    Still asking at Nginx Forum :: Nginx Mailing List - English would be helpful too as I don't provide support for such stuff beyond providing the base tool = Centmin Mod LEMP stack
     
  5. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:12 PM
    This is what I'm using currently:

    Code:
    set $l7_protect 0;
    
    if ($http_cookie ~ "TechPulse_Firewall=8c4947e96c7c9f770aa386582e32ce7ce1b96e69") {
      set $l7_protect 1;
    }
    if ($l7_protect = 0) { 
      add_header Set-Cookie "TechPulse_Firewall=8c4947e96c7c9f770aa386582e32ce7ce1b96e69;Path=/"; 
      rewrite ^ $scheme://$host$request_uri permanent;
    }
    However. I would like it to use set misc to generate a hash based on the word I'm using like this:

    Code:
    set $l7_protect 0;
    set_sha1 [B]$SHAIP[/B] test;
    
    if ($http_cookie ~ "TechPulse_Firewall=[B]$SHAIP[/B]") {
      set $l7_protect 1;
    }
    if ($l7_protect = 0) { 
      add_header Set-Cookie "TechPulse_Firewall=[B]$SHAIP[/B];Path=/"; 
      rewrite ^ $scheme://$host$request_uri permanent;
    }
    
    I notice that =$SHAIP does not work. So I'm curious of other ways we can do this? I appreciate your help, a lot. I've also submitted topic there, but no reply so far.

    It succesfully add cookie, with the sha1 however the issue is the if cookie rule where I have $SHAIP after TechPulse_Firewall=
     
  6. Oxide

    Oxide Active Member

    534
    29
    28
    Mar 19, 2015
    Ratings:
    +59
    Local Time:
    12:12 PM
    No links, i made these rules up my self and though of hashing the etc.. user agent, then log that as cookie to prevent spoofing of cookie.