Hi,
I'd like to use nginx 1.2.1 as a filtering & caching proxy on my Raspberry Pi. Filtering domain names and URLs is easy but I could not find a way to filter contents by their MIME type.
To be a little bit more specific, I want to deny clients to download or watch multimedia contents (MIME types: audio/*, video/*). In order to achieve this, I created a mapping like this:
map $sent_http_content_type $is_forbidden {
default 0;
"~audio\/.*" 1;
"~video\/.*" 1;
}
I tried various methods to send a 403 forbidden response to the client in case a forbidden content is being downloaded, without any luck.
1. Tried specifying in an if block - which would never work as it turned out that if statements are expanded before the response is received so the variable $sent_http_content_type will always be empty and thus the mapping returns 0:
location / {
if ($is_forbidden = 1) {
return 403;
}
2. Tried using the add_header directive to append a header to the response:
location / {
add_header X-Forbidden $is_forbidden;
}
This works like a charm, I can see on the client that my custom header contains 0 or 1 according to the content's MIME type, yet I can't evaluate the header's value server-side for the same reason as above.
3. Tried creating a second proxy instance to check the value of X-Forbidden there but that also didn't work as expected, I couldn't push the forwarded requests to the destination servers without causing 400 errors - this is likely to be a configration issue although I don't think this solution would be the most appropriate one.
I'm aware that there are several alternatives (eg. Squid 3 has the exact capability I need) but other solutions would need more resources and therefore would run much slower on a small embedded device like my Raspberry Pi.
Please assist me, I'm completely stuck with this.
Thanks,
Gergely
I'd like to use nginx 1.2.1 as a filtering & caching proxy on my Raspberry Pi. Filtering domain names and URLs is easy but I could not find a way to filter contents by their MIME type.
To be a little bit more specific, I want to deny clients to download or watch multimedia contents (MIME types: audio/*, video/*). In order to achieve this, I created a mapping like this:
map $sent_http_content_type $is_forbidden {
default 0;
"~audio\/.*" 1;
"~video\/.*" 1;
}
I tried various methods to send a 403 forbidden response to the client in case a forbidden content is being downloaded, without any luck.
1. Tried specifying in an if block - which would never work as it turned out that if statements are expanded before the response is received so the variable $sent_http_content_type will always be empty and thus the mapping returns 0:
location / {
if ($is_forbidden = 1) {
return 403;
}
2. Tried using the add_header directive to append a header to the response:
location / {
add_header X-Forbidden $is_forbidden;
}
This works like a charm, I can see on the client that my custom header contains 0 or 1 according to the content's MIME type, yet I can't evaluate the header's value server-side for the same reason as above.
3. Tried creating a second proxy instance to check the value of X-Forbidden there but that also didn't work as expected, I couldn't push the forwarded requests to the destination servers without causing 400 errors - this is likely to be a configration issue although I don't think this solution would be the most appropriate one.
I'm aware that there are several alternatives (eg. Squid 3 has the exact capability I need) but other solutions would need more resources and therefore would run much slower on a small embedded device like my Raspberry Pi.
Please assist me, I'm completely stuck with this.
Thanks,
Gergely