使用Nginx反向代理限制SOAP调用

时间:2019-03-07 04:59:10

标签: soap nginx-reverse-proxy

我们为反向代理配置了Nginx服务器,以保护无法修补的老化SOAP服务器。

有人要求我限制客户端可以在特定IP范围内拨打什么电话。

我不知道如何允许一些SOAP调用,但过滤掉其他一些。

Nginux配置为

server  {
  listen 443;
  listen [::]:443;
  server_name shiny.nginx.server;
  ssl on;
  ssl_certificate "/public/directory/proxy.pem";
  ssl_certificate_key "/secret/directory/proxy.key";
  location / {
    proxy_pass http://very.old.server:80/;
    proxy_buffering                     off;
    proxy_set_header Host               $http_host;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  $scheme;
    auth_basic                          "Username and Password Required";
    auth_basic_user_file                /etc/nginx/.htpasswd;
  }
}

有什么想法可以实现这一目标吗?

谢谢

1 个答案:

答案 0 :(得分:0)

我找到了解决方案。

server  {
    listen 443;
    listen [::]:443;
    server_name shiny.nginx.server;
    ssl on;
    ssl_certificate "/public/directory/proxy.pem";
    ssl_certificate_key "/secret/directory/proxy.key";
    location / {
    proxy_pass http://very.old.server:80/;
    proxy_buffering                     off;
    proxy_set_header Host               $http_host;
    proxy_set_header X-Real-IP          $remote_addr;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto  $scheme;
    auth_basic                          "Username and Password Required";
    auth_basic_user_file                /etc/nginx/.htpasswd;

    if ($remote_addr ~ 192.168.1.1) {
        set $is_user Y;
    }
    if ($http_soapaction ~ SOAP/Request/Goes/Here) {
        set $user_allowed Y;
    }
    set $user_test "${is_user}${user_allowed}";
    if ($user_test = YY) {
        set $good yes;
    }

    if ($good != yes) {
        return 403;
    }
}

由于无法执行嵌套或复杂的测试,因此变得有些棘手...