abusesa::services: Allow restricting access based on client certificate DN

Ossi Salmi 2015-06-22 13:23:22 +03:00
parent 23a9802363
commit 0cc9f98ab4
2 changed files with 8 additions and 1 deletions


@ -1,6 +1,7 @@
# Configure AbuseSA services. # Configure AbuseSA services.
# #
class abusesa::services( class abusesa::services(
$allow_dn=undef,
$services=[], $services=[],
$socketdir='/var/lib/abuserv/run', $socketdir='/var/lib/abuserv/run',
) { ) {
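Review bot: The new `$allow_dn` parameter is neither documented nor validated in the visible class header. A header comment such as `# $allow_dn: subject DN the client certificate must match exactly; any other client gets 403. Default undef disables the check.` would tell operators what the value does and what form it must take. The template in this commit writes the value into a double-quoted nginx string, so a DN containing `"`, `\` or `$` would change how nginx parses the condition; rejecting such values in the class before they reach the template would prevent that. The class body continues outside the hunk.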


@ -1,6 +1,6 @@
log_format abusesa '$remote_addr - $http_x_remote_user [$time_local] ' log_format abusesa '$remote_addr - $http_x_remote_user [$time_local] '
'"$request" $status $body_bytes_sent ' '"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"'; '"$http_referer" "$http_user_agent" "$ssl_client_s_dn"';
server { server {
listen 8443; listen 8443;
@ -15,6 +15,12 @@ server {
proxy_buffering off; proxy_buffering off;
<% if @allow_dn -%>
if ($ssl_client_s_dn != "<%= @allow_dn %>") {
return 403;
}
<% end -%>
<% @services.each do |service| <% @services.each do |service|
dir, sep, sock = service.rpartition('/') dir, sep, sock = service.rpartition('/')
dir = @socketdir if dir.empty? dir = @socketdir if dir.empty?
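Review bot: The DN comparison added after `proxy_buffering off;` only restricts access if nginx has actually verified the client certificate, and no `ssl_verify_client` setting is visible in these hunks. If the server block uses `optional_no_ca`, `$ssl_client_s_dn` can carry the subject of a certificate that was never checked against a trusted CA. The guard should therefore also require a successful verification, e.g. `if ($ssl_client_verify != SUCCESS) { return 403; }` ahead of the DN test. The exact string match also depends on the DN format nginx emits, which differs between nginx versions, so a comment next to the check should state the expected form. The server block continues outside the hunk.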