Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th March 2013, 11:43
ispcomm ispcomm is offline
Senior Member
 
Join Date: Aug 2010
Posts: 167
Thanks: 19
Thanked 11 Times in 11 Posts
Default nginx snippets for client (rewrite conversion)

Hello,

how do I add snippets (mainly mod_rewrite equivalents for nginx) being a client of a site and not a server admin?

is this not available?

Thank you.
Reply With Quote
Sponsored Links
  #2  
Old 28th March 2013, 12:29
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Snippets are managed by the admin only.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 28th March 2013, 14:19
ispcomm ispcomm is offline
Senior Member
 
Join Date: Aug 2010
Posts: 167
Thanks: 19
Thanked 11 Times in 11 Posts
Default

Quote:
Originally Posted by till View Post
Snippets are managed by the admin only.
Is this for security ?
It makes nginx much less attractive for what it's most usefull: shared hosting.
Reply With Quote
  #4  
Old 28th March 2013, 14:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Yes, for security and ease of implementation. But it should be possible to extend this function so that clients can add snippets too. As the admin will see all snippets then, it might be a bit confusing for him so we might hav to limit that fnction in away that a admin does not see any user snippets.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 28th March 2013, 15:32
Rockdrala Rockdrala is offline
Senior Member
 
Join Date: Dec 2007
Posts: 140
Thanks: 7
Thanked 2 Times in 2 Posts
Default

It is important to note, that bad nginx directives or errors entered into options tab of a site, can and will crash a nginx server. So Nginx directives must be entered with care. I'm not sure I would ever feel comfortable with a client having the ability to enter them in.
Reply With Quote
  #6  
Old 28th March 2013, 16:33
ispcomm ispcomm is offline
Senior Member
 
Join Date: Aug 2010
Posts: 167
Thanks: 19
Thanked 11 Times in 11 Posts
Default

Yes, I'm concerned with security too.

Till: I guess admin can be limited to see only snippets created by himself. This will require an extra column for each snipped (owner/creator).

Regarding stability problems, Is the issue worse with nginx than with the .htaccess tricks that can be done on apache?

Rockdrala: I understand the snippet is limited to the virtualhost running the snippet. Could you make an example of a snippet that will break stuff outside of the virtualhost (i.e.... dos or resource of xss?)

Thank you.
Reply With Quote
  #7  
Old 2nd April 2013, 11:07
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Quote:
Regarding stability problems, Is the issue worse with nginx than with the .htaccess tricks that can be done on apache?
a wrong .htaccess file affects only the website were it is created while the custom directives affect the whole server.

Quote:
Rockdrala: I understand the snippet is limited to the virtualhost running the snippet. Could you make an example of a snippet that will break stuff outside of the virtualhost (i.e.... dos or resource of xss?)
No, it is not limited to the vhost. Its the same as if you would enter a wrong configuration in the vhost file of apache. A single wrong line will bring down the whole server. Thats why the customdirectives fields are only availabe for the admin and not to the client.

Tere is no corresponding functionality to a.htaccess file in nginx.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 3rd April 2013, 10:27
ispcomm ispcomm is offline
Senior Member
 
Join Date: Aug 2010
Posts: 167
Thanks: 19
Thanked 11 Times in 11 Posts
 
Default

So, what would be the suggested scenario for using nginx with "untrusted" users?

Would you suggest to have them open a support request with their snippet, then after evaluation by an admin get that snippet in the available snippets so that the client can add it to their nginx config?

Or, perhaps a different road can be pursued: For example check if nginx parses the new snippet correctly and allow it only when no errors are thrown from it?

Can you envision situations where a nginx parser will accept the snippet, but break other sites running in nginx?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
nginx rewrite for drupal icphedia Installation/Configuration 6 24th November 2013 11:50
Rewrite nginx snippefs for clients? ispcomm General 2 27th April 2013 19:30
Please help convert htaccess to nginx ababneh HOWTO-Related Questions 6 5th April 2013 01:19
Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support On CentOS 6.3 Totenkopf HOWTO-Related Questions 1 5th November 2012 13:26
nginx rewrite onastvar General 1 31st July 2012 19:25


All times are GMT +2. The time now is 03:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.