
nginx as a reverse proxy to limit http verb access

So I've got an app that uses CouchDB as the backend. Couch doesn't really have its security/user model in place yet, and by default anyone can do anything (including deleting records and even the entire database). But, if we limit access to only GET requests we're much safer.

I was hoping I could put nginx out front as a reverse proxy, but I can't find an option that lets you filter requests based on the verb coming in. Pound does this so I'm thinking of going that route, but we already use nginx extensively and it would be nice not to have to add another technology in the mix. Anyone know if there's an option that will let this happen?

I'd even settle for a mod_proxy option in Apache. Any ideas?

Rob Cameron asked Jan 27 '10 22:01



1 Answer

Try using the limit_except directive instead. It's better to avoid using if because if is evil.

limit_except GET {
  deny   all;
}

Reference

Mike Johnson answered Sep 27 '22 17:09
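
As an added example (not part of the original answer), this shows where the limit_except block sits in a reverse-proxy configuration in front of CouchDB. The hostname, the admin address and the upstream address 127.0.0.1:5984 are assumptions.

```nginx
# Added example: server_name, the admin address and the upstream are assumptions.
server {
    listen 80;
    server_name couch.example.test;          # placeholder hostname

    location / {
        # limit_except is only valid inside a location block.
        # Every method except GET is rejected with 403 before it is
        # proxied. HEAD stays allowed: nginx permits it implicitly
        # whenever GET is permitted.
        limit_except GET {
            # allow 192.0.2.10;              # optional: one admin host (constructed address) that may still write
            deny all;
        }

        # Assumed backend address; 5984 is CouchDB's default port.
        # Keep CouchDB itself bound to loopback so that clients cannot
        # bypass the proxy and reach it directly.
        proxy_pass http://127.0.0.1:5984;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

After reloading nginx, a DELETE or PUT sent through the proxy should come back as 403 while a GET on the same URL is passed to CouchDB. CouchDB queries that are sent as POST (for example a multi-key lookup) are blocked by this rule as well.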