Redirect Request in ssl_certificate_by_lua_block

cumin · 2017-07-17T22:01:18+00:00

On Monday, July 17, 2017 at 12:21:21 PM UTC+3, Georgi Georgiev wrote:Hello,I have mod security compiled in nginx and I need when user is blocked by some mode...

Redirect Request in ssl_certificate_by_lua_block

cumin

Hello,

Is there a way to utilize ngx.redirect from within the ssl_certificate_by_lua_block directive? That is to say, is there a way to run lua code to determine a list of good domains and bad domains, then redirect traffic according to that custom code? Ex: allow https://abc.com to go through, but redirect https://edf.com to some other URL?

Thank you very much!

zchao1995

Hello!

How do you the domain in the phase of SSL handshake, or you mean that the SNI?

On Monday, July 17, 2017 at 10:01:18 PM UTC+8, cu...@domahub.com wrote:

Hello,

Is there a way to utilize ngx.redirect from within the ssl_certificate_by_lua_block directive? That is to say, is there a way to run lua code to determine a list of good domains and bad domains, then redirect traffic according to that custom code? Ex: allow https://abc.com to go through, but redirect https://edf.com to some other URL?

Thank you very much!

jonathan

if you're trying to save yourself a lookup, you can't do a redirect there but you should be able to stash a result into the request (maybe a header?) for the redirect, and then catch it at a later point.

if you're trying to do a clean redirect, it won't work. if edf.com does not have a valid cert, you need to set a backup certificate for the redirect but the client may reject that redirect -- it will be sent on an invalid cert that doesn't match the request (the cert's domain, date or other data will not be valid for the request)