Nginx 中检测客户端不包含 Cookie:abc 即禁止访问怎么写？

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

NGINX

NGINX Trac

3rd Party Modules

Security Advisories

CHANGES

OpenResty

ngx_lua

Tengine

在线学习资源

NGINX 开发从入门到精通

NGINX Modules

ngx_echo

这是一个创建于 3291 天前的主题，其中的信息可能已经有所发展或是发生改变。

即所有访问客户端必须包含一个 cookie 名为 abc ，如不包含该 cookie 即禁止访问

不在服务器端处理，仅在 nginx 中是否可以做到？谢谢！

Nginx

abc

访问

10 条回复 2016-12-20 13:32:31 +08:00

Phant0m

2016-12-20 00:25:26 +08:00 via iPhone

ngx lua 可以实现

lhbc

2016-12-20 00:54:49 +08:00

map $COOKIE_abc

shiniv

2016-12-20 01:29:48 +08:00

试试这样能能否符合你的需求

set $auth_cookie 0;
if ($http_cookie ~* "AUTH_COOKIE=([a-z0-9]+)(?:/|$)") {
set $auth_cookie 1;
}

if ($auth_cookie = 0) {
return 403;
}

jarlyyn

2016-12-20 01:39:47 +08:00

location / {
if ( $cookie_antiscanpassword != "password") {
return 403;
}
proxy_pass http://127.0.0.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

http://blog.jarlyyn.com/site/blogi/100-%E7%94%A8nginx%2Bcookie%E9%98%B2%E6%AD%A2%E7%AE%80%E5%8D%95%E7%9A%84%E6%8A%93%E5%8F%96%2F%E7%A0%B4%E8%A7%A3%E9%AA%9A%E6%89%B0

我线上在用的

nikoo

2016-12-20 03:13:11 +08:00

@jarlyyn 谢谢，很有帮助

如果仅判断 cookie 是否存在怎么处理？实际生产环境中 abc 的 cookie 值每个用户是不同的，没法这样写在配置里判断

jarlyyn

2016-12-20 03:37:22 +08:00 via Android

@nikoo

就是 if 那一句

nikoo

2016-12-20 09:20:30 +08:00

@jarlyyn

if ( $cookie_antiscanpassword != "password") {
这句是判断名为 antiscanpassword 的 cookie 值是否为 "password" 吧？而不是判断 antiscanpassword 是否存在

jarlyyn

2016-12-20 10:05:46 +08:00

@nikoo

应该是直接 if ( $cookie_antiscanpassword)，不行的话正则处理 if ( $cookie_antiscanpassword~ .+)

参考 http://nginx.org/en/docs/http/ngx_http_rewrite_module.html

a variable name; false if the value of a variable is an empty string or “ 0 ”;
Before version 1.0.1, any string starting with “ 0 ” was considered a false value.
comparison of a variable with a string using the “=” and “!=” operators;
matching of a variable against a regular expression using the “~” (for case-sensitive matching) and “~*” (for case-insensitive matching) operators. Regular expressions can contain captures that are made available for later reuse in the $1..$9 variables. Negative operators “!~” and “!~*” are also available. If a regular expression includes the “}” or “;” characters, the whole expressions should be enclosed in single or double quotes.
checking of a file existence with the “-f ” and “!-f ” operators;
checking of a directory existence with the “-d ” and “!-d ” operators;
checking of a file, directory, or symbolic link existence with the “-e ” and “!-e ” operators;
checking for an executable file with the “-x ” and “!-x ” operators.

AlexaZhou

2016-12-20 11:20:10 +08:00

不想太麻烦的话，可以试试 VeryNginx

TaMud

2016-12-20 13:32:31 +08:00

https://flfq.peuland.com/index.php/2014/09/03/%E5%A6%82%E4%BD%BF%E5%9C%A8nginx%E4%B8%8B%E9%98%B2%E7%9B%97%E9%93%BE%EF%BC%8C%E9%87%8D%E7%82%B9%E9%98%B2%E8%BF%85%E9%9B%B7/

有你要的答案