ngx_http_proxy_connect_module

Access restriction to hosts

Open disappointed72 opened this issue 3 years ago • 2 comments

What is an easy way to allow connections to a whitelist of hosts only?

For example: allow google.com, allow facebook.com, allow *.blabla.com, and deny connections to any other hosts.

disappointed72, Mar 07 '22 11:03

You can check the $connect_host and $request_method variables to block a CONNECT request before establishing the CONNECT tunnel to the upstream.

But you cannot check the data flow in an established CONNECT tunnel.

chobits, Mar 26 '22 09:03

  1. Maybe as follows (nginx original configuration), have not actually tested it:
     # "if" takes a single variable on the left side and compares with "=", so build the combined value first
     set $connect_check "$connect_host::$request_method";
     if ($connect_check = "google.com::CONNECT") { # nginx does not support "and" operation in its if-stmt.
       return 403;
     }
  2. Or some Lua script to do this; you can check some cases: https://github.com/chobits/ngx_http_proxy_connect_module/blob/master/t/http_proxy_connect_lua.t#L89

chobits, Mar 26 '22 09:03
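
The snippet above rejects one host; the question asks for the opposite, a default-deny allowlist. One way to write that with two `map` blocks, as an added example that is not from the thread or the module's documentation. It assumes the build evaluates rewrite-phase directives for CONNECT requests, as the reply above implies; `$connect_host_allowed`, `$deny_connect`, the listen port and the resolver address are illustrative choices.

```nginx
# Added example, not the module's own configuration.
# $connect_host_allowed and $deny_connect are hypothetical variable names.

# 1 if the CONNECT target is on the allowlist, 0 otherwise (default deny).
map $connect_host $connect_host_allowed {
    hostnames;               # enables the wildcard form used below
    default        0;
    google.com     1;
    facebook.com   1;
    *.blabla.com   1;        # subdomains only; use .blabla.com to also allow blabla.com
}

# nginx "if" has no AND, so combine method and allowlist result in a second map.
map "$request_method:$connect_host_allowed" $deny_connect {
    default        0;
    "CONNECT:0"    1;
}

server {
    listen 3128;
    resolver 192.0.2.53;     # placeholder address; point this at your own resolver

    proxy_connect;
    proxy_connect_allow 443; # only tunnel to port 443

    # Rejected before any tunnel to the upstream is opened.
    if ($deny_connect) {
        return 403;
    }
}
```

The check applies only to the host named in the CONNECT request line; as noted earlier in the thread, traffic inside an established tunnel is not inspected.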

Think it's resolved. Feel free to reopen if you still have the same problem.

chobits, Aug 18 '22 09:08