Page 1 of 1

Preventing users from adding file formats to nginx

Posted: Mon Jan 05, 2015 8:30 am
by eagles051387
I understand in the case of Vesta that nginx is functioning as a reverse proxy, but I find a flaw in one thing. When one adds a web domain to ones account, that user can then add and delete extensions is there a reason for this? Shouldn't the admin set what file formats are supported?

What do I need to do to prevent users from being able to add extensions or removing extensions?

Re: Preventing users from adding file formats to nginx

Posted: Wed Jan 07, 2015 5:29 am
by skurudo
eagles051387 wrote:I understand in the case of Vesta that nginx is functioning as a reverse proxy, but I find a flaw in one thing. When one adds a web domain to ones account, that user can then add and delete extensions is there a reason for this? Shouldn't the admin set what file formats are supported? What do I need to do to prevent users from being able to add extensions or removing extensions?
One user = one domain
It's simple logic and tight security.

And those nginx extensions it's for nginx setting "location" (code below). Bad or not add or delete extensions? Mmm... tricky question! If you have extention in config, then this request will be done by nginx. If not, then apache will be do it. When apache processes the request, the resources spent a more.

This line in config for user /conf/web/nginx.conf:

Code: Select all

location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mp4|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
From nginx docs
A request “/logo.gif” is matched by the prefix location “/” first and then by the regular expression “\.(gif|jpg|png)$”, therefore, it is handled by the latter location. Using the directive “root /data/www” the request is mapped to the file /data/www/logo.gif, and the file is sent to the client.

Re: Preventing users from adding file formats to nginx

Posted: Thu Jan 15, 2015 9:32 am
by eagles051387
is there a way to prevent users from modifying their web domain on their account in terms of extensions? What I mean is if you click on web and edit your domain you have the nginx box with the extensions there it seems a plain user can just add and remove extensions. Shouldn't this be done only by the administrator?

Re: Preventing users from adding file formats to nginx

Posted: Thu Jan 15, 2015 10:31 am
by skurudo
eagles051387 wrote:is there a way to prevent users from modifying their web domain on their account in terms of extensions?
If user add or remove extension, nothing critical will not happen.

In current version - nope, no standat way. But you can edit /usr/local/vesta/web/templates/user/edit_web.html and remove proxy settings, from this and-and-and

Code: Select all

<table style="display:<?php if (empty($v_proxy)) { echo 'none';} else {echo 'block';}?> ;" id="proxytable">
I think, this part (it's not tested, please make a copy!)

Code: Select all

                           <tr>
                                <td class="step-left">
                                    <table style="display:<?php if (empty($v_proxy)) { echo 'none';} else {echo 'block';}?> ;" id="proxytable">
                                        <tr>
                                            <td class="vst-text" style="padding: 12px 0 0 0;">
                                                <?php print __('Proxy Extensions');?>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td>
                                                <textarea size="20" class="vst-textinput" name="v_proxy_ext"><?php if (!empty($v_proxy_ext)) { echo $v_proxy_ext;} else { echo 'jpeg, jpg, png, gif, bmp, ic$
                                            </td>
                                        </tr>
                                    </table>
                                </td>
                            </tr>

Re: Preventing users from adding file formats to nginx

Posted: Thu Jan 15, 2015 10:51 am
by eagles051387
What will the system do with the extensions that the user would have added how does it handle them or does it ignore them?
skurudo wrote:
eagles051387 wrote:is there a way to prevent users from modifying their web domain on their account in terms of extensions?
If user add or remove extension, nothing critical will not happen.

In current version - nope, no standat way. But you can edit /usr/local/vesta/web/templates/user/edit_web.html and remove proxy settings, from this and-and-and

Code: Select all

<table style="display:<?php if (empty($v_proxy)) { echo 'none';} else {echo 'block';}?> ;" id="proxytable">
I think, this part (it's not tested, please make a copy!)

Code: Select all

                           <tr>
                                <td class="step-left">
                                    <table style="display:<?php if (empty($v_proxy)) { echo 'none';} else {echo 'block';}?> ;" id="proxytable">
                                        <tr>
                                            <td class="vst-text" style="padding: 12px 0 0 0;">
                                                <?php print __('Proxy Extensions');?>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td>
                                                <textarea size="20" class="vst-textinput" name="v_proxy_ext"><?php if (!empty($v_proxy_ext)) { echo $v_proxy_ext;} else { echo 'jpeg, jpg, png, gif, bmp, ic$
                                            </td>
                                        </tr>
                                    </table>
                                </td>
                            </tr>

Re: Preventing users from adding file formats to nginx

Posted: Thu Jan 15, 2015 12:54 pm
by skurudo
Oh... my idea was, you can edit user interface and make, what do you want. With this "corrections" your users can't see this part of control panel.
eagles051387 wrote:What will the system do with the extensions that the user would have added how does it handle them or does it ignore them?
"System" add these extension in config for Nginx - /home/user/conf/web/nginx.conf
Nginx will take files with extensions "directly" from folders, apache2 will do nothing with those files. Otherwise webserver apache2 will do all job.