Using NGINX to proxy to a cluster of RIAK nodes*. I have a rewrite rule like
rewrite ^/bucket-([a-z]+)/object-([a-zA-Z0-9]+)/(.+)$ /riak/$1/$2 break;
and a location block
location /riak/ {
proxy_pass http://riak_servers/riak/;
}
Which will redirect to one of the RIAK servers. Problem is, users can directly access http://server/riak/ and get directly to the RIAK cluster and bucket information. I want to only allow access to users requesting resources via the rewritten URL. I'd rather avoid any if
s or multiple location
blocks to catch everything. I'm probably missing something obvious.
NGINX 1.0.11
*This is generally a bad idea since anyone with access to the NGINX server can put
/post
stuff into your RIAK cluster. You should prevent all request types except GET
and HEAD
, also it's probably a good idea to remove andy X-*
headers put in by RIAK. I don't think exposing the VClock value is a security issue but best to be safe.
Best Answer
Use the internal directive to mark it as an internal location which is not accessible directly.