I am trying to set up nginx reverse proxy with my application. I need to be able to only allow subdomain.domain. I have a login that redirects the browser to subdomain.domain/path. That works fine. However I found out that you can bypass the authorization page by simply going to subdomain.domain/path. I have experimented with sub filters but have only been able to lock out the path.... Is there a better mechanism that sub filters to accomplish this. Here is a copy of the config:
server {
server_name abc.domain;
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
location / {
#subfilter
sub_filter_types text/css text/javascript;
sub_filter path /; //this should send abc.domain/path to abc.domain until user authenticates
sub_filter_once on;
server {
server_name abc.domain;
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
location / {
#subfilter
sub_filter_types text/css text/javascript;
sub_filter path /; //this should send abc.domain/path to abc.domain until user authenticates
sub_filter_once on;