V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
NGINX
NGINX Trac
3rd Party Modules
Security Advisories
CHANGES
OpenResty
ngx_lua
Tengine
在线学习资源
NGINX 开发从入门到精通
NGINX Modules
ngx_echo
nikoo
V2EX  ›  NGINX

Nginx 中检测客户端不包含 Cookie:abc 即禁止访问怎么写?

  •  
  •   nikoo · 2016-12-20 00:10:07 +08:00 · 4718 次点击
    这是一个创建于 2900 天前的主题,其中的信息可能已经有所发展或是发生改变。
    即所有访问客户端必须包含一个 cookie 名为 abc ,如不包含该 cookie 即禁止访问

    不在服务器端处理,仅在 nginx 中是否可以做到?谢谢!
    10 条回复    2016-12-20 13:32:31 +08:00
    Phant0m
        1
    Phant0m  
       2016-12-20 00:25:26 +08:00 via iPhone
    ngx lua 可以实现
    lhbc
        2
    lhbc  
       2016-12-20 00:54:49 +08:00
    map $COOKIE_abc
    shiniv
        3
    shiniv  
       2016-12-20 01:29:48 +08:00
    试试这样能能否符合你的需求

    set $auth_cookie 0;
    if ($http_cookie ~* "AUTH_COOKIE=([a-z0-9]+)(?:/|$)") {
    set $auth_cookie 1;
    }

    if ($auth_cookie = 0) {
    return 403;
    }
    jarlyyn
        4
    jarlyyn  
       2016-12-20 01:39:47 +08:00   ❤️ 2
    location / {
    if ( $cookie_antiscanpassword != "password") {
    return 403;
    }
    proxy_pass http://127.0.0.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    http://blog.jarlyyn.com/site/blogi/100-%E7%94%A8nginx%2Bcookie%E9%98%B2%E6%AD%A2%E7%AE%80%E5%8D%95%E7%9A%84%E6%8A%93%E5%8F%96%2F%E7%A0%B4%E8%A7%A3%E9%AA%9A%E6%89%B0

    我线上在用的
    nikoo
        5
    nikoo  
    OP
       2016-12-20 03:13:11 +08:00
    @jarlyyn 谢谢,很有帮助

    如果仅判断 cookie 是否存在怎么处理?实际生产环境中 abc 的 cookie 值每个用户是不同的,没法这样写在配置里判断
    jarlyyn
        6
    jarlyyn  
       2016-12-20 03:37:22 +08:00 via Android
    @nikoo

    就是 if 那一句
    nikoo
        7
    nikoo  
    OP
       2016-12-20 09:20:30 +08:00
    @jarlyyn

    if ( $cookie_antiscanpassword != "password") {
    这句是判断名为 antiscanpassword 的 cookie 值是否为 "password" 吧?而不是判断 antiscanpassword 是否存在
    jarlyyn
        8
    jarlyyn  
       2016-12-20 10:05:46 +08:00
    @nikoo

    应该是直接 if ( $cookie_antiscanpassword),不行的话正则处理 if ( $cookie_antiscanpassword~ .+)

    参考 http://nginx.org/en/docs/http/ngx_http_rewrite_module.html

    a variable name; false if the value of a variable is an empty string or “ 0 ”;
    Before version 1.0.1, any string starting with “ 0 ” was considered a false value.
    comparison of a variable with a string using the “=” and “!=” operators;
    matching of a variable against a regular expression using the “~” (for case-sensitive matching) and “~*” (for case-insensitive matching) operators. Regular expressions can contain captures that are made available for later reuse in the $1..$9 variables. Negative operators “!~” and “!~*” are also available. If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.
    checking of a file existence with the “-f ” and “!-f ” operators;
    checking of a directory existence with the “-d ” and “!-d ” operators;
    checking of a file, directory, or symbolic link existence with the “-e ” and “!-e ” operators;
    checking for an executable file with the “-x ” and “!-x ” operators.
    AlexaZhou
        9
    AlexaZhou  
       2016-12-20 11:20:10 +08:00
    不想太麻烦的话,可以试试 VeryNginx
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1081 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 25ms · UTC 22:32 · PVG 06:32 · LAX 14:32 · JFK 17:32
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.