
I have NGINX as a proxy with SSL for a background Tomcat server with ORDS/Apex. I am trying to block access to the admin login page. The URL of the page looks like this: https://10.10.10.10/ords/f?p=4550:1:10500576264651:::::

One part of the URL is fixed (/ords/f?p=4550) and everything after it (:1:10500576264651:::::) is dynamic.

I'm trying to block ALL requests that have the string "/ords/f?p=4550" in the URL. For an ordinary directory the block works fine, but when I need to read the URL I can't make it work.

```
# This does not work
location ^~ /ords/f?p=4550 {
    return 404;
}

# This works
location ^~ /janko {
    return 400;
}
```

I managed this in HAProxy relatively easily by reading an ACL like this and redirecting to a 404 page:

```
# Recognize pattern
acl denyPath url_beg /ords/f?p=4550

# Use backend that redirects to 404
use_backend redirectTo404 if denyPath
```

Does anybody have any idea how to do this on NGINX?

chrisis
Janko
  • See [this answer](https://stackoverflow.com/questions/54329332/nginx-redirect-url-with-query-strings/54330947#54330947). – Richard Smith Feb 17 '21 at 16:07
  • @RichardSmith Thanks for the answer. I tried this: `..... access_log /etc/nginx/log/eces.access.log; if ($request_uri ~ ^/ords/f?p=4550(.*)$) { return 500; } location / { .....` But it is not working. Do I have a syntax problem? – Janko Feb 18 '21 at 08:31
  • The `?` is a special character in a regular expression. You will need to escape it. For example: `if ($request_uri ~* "^/ords/f\?p=4550(&|$)") { return 404; }` – Richard Smith Feb 18 '21 at 08:37
  • @RichardSmith thanks again! I tried your sample, still no luck. – Janko Feb 18 '21 at 08:43
  • And you are right, if I add just "4550" it gives 404 just fine. But there is a possibility that 4550 will show up in some requests in the dynamic part of the URL, so it can't be blocked only by that number. – Janko Feb 18 '21 at 08:53
  • Sorry, I didn't review the example in your question. The `(&|$)` should be replaced by `:`. – Richard Smith Feb 18 '21 at 08:56
  • Yes, this will do it! Thanks a lot! – Janko Feb 18 '21 at 08:58

0 Answers
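The rules tried in the question and comments above, replayed against constructed request URIs to show why only the last one blocks the admin page. This is an added example, not code from the thread: Python's `re` stands in for nginx's PCRE matching, the `location` model ignores URI normalization, and the rule labels and sample URIs are made up for illustration.

```python
import re

# Constructed request URIs (sample data, not taken from real logs).
SAMPLES = {
    "admin login": "/ords/f?p=4550:1:10500576264651:::::",
    "app 45501": "/ords/f?p=45501:1:10500576264651:::::",
    "4550 in dynamic part": "/ords/f?p=100:4550:10500576264651:::::",
    "plain directory": "/janko/index.html",
}

def prefix_location(prefix, request_uri):
    """Simplified model of an nginx prefix location: it is compared with the
    URI path only, so nothing from '?' onwards can ever match."""
    path = request_uri.split("?", 1)[0]
    return path.startswith(prefix)

def if_request_uri(pattern, request_uri, ignore_case=False):
    """Model of `if ($request_uri ~ pattern)` (`~*` when ignore_case):
    an unanchored regex search over the raw URI, query string included."""
    flags = re.IGNORECASE if ignore_case else 0
    return re.search(pattern, request_uri, flags) is not None

# Hypothetical labels for the rules that appear on this page.
RULES = {
    # location ^~ /ords/f?p=4550 { return 404; }
    "location-query": lambda u: prefix_location("/ords/f?p=4550", u),
    # location ^~ /janko { return 400; }
    "location-dir": lambda u: prefix_location("/janko", u),
    # if ($request_uri ~ ^/ords/f?p=4550(.*)$): '?' makes the 'f' optional
    "if-unescaped": lambda u: if_request_uri(r"^/ords/f?p=4550(.*)$", u),
    # if ($request_uri ~* "^/ords/f\?p=4550(&|$)"): APEX follows 4550 with ':'
    "if-amp-or-end": lambda u: if_request_uri(r"^/ords/f\?p=4550(&|$)", u, True),
    # if ($request_uri ~* "^/ords/f\?p=4550:"): the form that worked
    "if-colon": lambda u: if_request_uri(r"^/ords/f\?p=4550:", u, True),
}

def blocked_by(rule):
    """Return the names of the sample URIs that the given rule would block."""
    return {name for name, uri in SAMPLES.items() if RULES[rule](uri)}

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule:15} blocks {sorted(blocked_by(rule)) or 'nothing'}")
```

The trailing `:` is what keeps the rule from also catching an application whose id merely starts with 4550, or a request that carries 4550 in the dynamic part.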