ngx-fancyindex
ngx-fancyindex copied to clipboard
aperezdc
Possible Bug - Fancyindex Cannot be Enabled/Disabled via Variables
I'm not sure if this is a bug or if it is intentional.
But I'm running into an issue with a config I'd like to implement.
The gist of it is, "normal" requests will be able to access the files in this location properly and disallow viewing of the index. (ie, you can access https://example.com/somedir/totallynotavirus.jpg.mp4.exe.mp3.php.vbs, but not view the directory listing of somedir)
What I'd like to do is pass an argument in the request, (ex https://example.com/somedir?authtoken=12345) and then prompt for Basic Auth.
Example snippet of my proposed/testing config:
server {
[...]
auth_basic_user_file /home/nginx/htpasswd;
autoindex off;
[...]
location ^~ /somedir {
try_files $uri =403;
set $fancyindex off;
set $authbasic off;
if ($arg_authtoken = "12345") {
set $authbasic "Admin";
set $fancyindex on;
}
auth_basic $authbasic;
fancyindex $fancyindex;
}
But when I run nginx -T to validate the configuration, I get this error:
# nginx -T
nginx: [emerg] invalid value "$fancyindex" in "fancyindex" directive, it must be "on" or "off" in /etc/nginx/sites-enabled/30-example.com:54
nginx: configuration file /etc/nginx/nginx.conf test failed
My current config fills the initial goal of disallowing directory browsing while allowing file access, I am just experimenting to see if it's possible to toggle the module and allow directory listing under certain circumstances.
location ^~ /somedir {
try_files $uri =403;
autoindex off;
fancyindex off;
}
- Is this a bug or is the requirement for explicit declaration intentional?
- Would this be feasible/make sense to implement allowing a variable (coming from a map or set statement) to allow turning the module on or off? Such as I have in my example, barring some bits I glossed over with the auth_basic.
- (Yes, I know if is evil, just to put that out right from the start)
If I'm mistaken in anything here, or more information is needed, please let me know and I will be more than happy to provide.
Actually, as I just posted this, I realized I could set another location directive explicitly for somedir and perform the auth there, without needing to attempt to toggle the module or anything else that is wonky.
Feel free to close this issue. But I am still curious around the usage of toggling the module via a variable.
@jwshields There are some features (like location) of the Nginx configuration file which are parsed and evaluated only once then the result reused for all requests, and other features (like variables) which participate in a second evaluation stage which takes place for each request. The fancyindex directives are intended to be if the first kind (evaluate once at startup, reuse result) and that's the reason why you cannot disable fancyindex inside an if block.
It is the first time in 15 years that someone asks about toggling the module inside an if evaluation... while I see the usefulness, I think the extra complexity is not worth the effort because there are other ways of achieving the same—and avoiding evaluating parts of the configuration on each request when possible is always better for server performance.
Using a different location directive for somedir works fine, as you have already discovered 👍🏼
Makes total sense with the way you laid it out with the request processing.
Thanks for the detailed response here, much appreciated!