Search code examples
regexlinuxnginxproxywildcard

How to allow specific Methods for specific URLs which contain Regex/Wildcards too in Nginx?


I have an Nginx and I need to allow access to Specific Methods for Specific URLs, what's more, is that these URLs contain Regex.

The requirements are as below:

/bill/<SOME_NUMBER_THAT_CHANGES>/verify --> GET & POST only

/bill/ipn/<SOME_STRING_THAT_CHANGES> --> POST only

My current configurations that don't work are as below:

server {
    server_name             foo.example.com;

    location ~ ^/bill/([0-9]+)/verify { 
        limit_except GET POST {
           deny all;
        }
        proxy_pass http://app:<PORT>/$1;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location ~ ^/bill/ipn/([A-Za-z0-9]+) { 
        limit_except POST {
           deny all;
        }
        proxy_pass http://app:<PORT>/$1;
        proxy_set_header X-Real-IP $remote_addr;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

For instance, whenever I try to curl foo.example.com/bill/540/verify, it returns 404 not found.

I've used the following links to create the above config:

Question: Any idea how to achieve this?

Any help is appreciated, thanks in advance.


Solution

  • Okay, I figured it out:

    server {
        server_name             foo.example.com;
    
        location ~ ([0-9]+)\/verify(\?status=.*)* {
            rewrite ([0-9]+)\/verify(\?status=.*)* /bill/$1/verify$2 break;
            proxy_pass http://app:<PORT>;
            proxy_set_header X-Real-IP $remote_addr;
    
            limit_except GET POST {
               deny all;
            }
        }
    
        location /bill/ipn {
            limit_except POST {
               deny all;
            }
            proxy_pass http://app:<PORT>;
            proxy_set_header X-Real-IP $remote_addr;
        }
    
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }
    

    The trick was capturing the parts I wanted and then passing them as variables such as $1, $2, ... in the rewrite section.

    I used This regex builder in PCRE flavor since it was mentioned in Nginx docs to make sure my regex is correct.