id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1669 Problems with map + subfilter jpereira@… "1. I have tried to use the map+subfilter as the below snip. {{{ user nginx; worker_processes auto; daemon off; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] ""$request"" ' '$status $body_bytes_sent ""$http_referer"" ' '""$http_user_agent"" ""$http_x_forwarded_for"" ' '(Cache $upstream_cache_status)'; access_log /dev/stdout main; sendfile on; keepalive_timeout 65; gzip on; # Due to we are listening only http, therefore be sure to always return http:// map $request_uri $subfilter_allowed_content_type { volatile; default whatever/donothing; ~/artifactory/api/nuget/.* application/atom+xml; } proxy_cache_path /var/cache/nginx/artifactory levels=1:2 keys_zone=artifactory_cache:50m max_size=50g inactive=24h use_temp_path=off; server { listen 80; server_name ~(?.+)\.artifactory.tapioca.lan; resolver 8.8.8.8; set $upstream https://artifactory.myaws.com/artifactory; location /artifactory/ { sub_filter_types $subfilter_allowed_content_type; # the variable is filled up correctly #sub_filter_types ""application/atom+xml""; # but, when use it hardcode. then it works fine. sub_filter_last_modified on; sub_filter ""https://$host"" http://$host""; # it works only when use sub_filter_types with hardcore value. sub_filter_once off; # its been filled correctly add_header X-Debug-subfilter-allowed-content-type ""$subfilter_allowed_content_type""; proxy_read_timeout 60s; proxy_pass_header Server; proxy_cookie_path ~*^/.* /; if ( $request_uri ~ ^/artifactory/(.*)$ ) { proxy_pass $upstream/$1; } proxy_pass $upstream; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; proxy_set_header X-JFrog-Art-Api $artifactory_token; } } } }}} 2. I do the request like. curl -s -H ""Host: artifactory-proxy.apps.fni"" ""http://172.17.0.2/artifactory/api/nuget/v3/dtfni-nuget/Packages(Id='AttributeRouting.Core.Web',Version='3.5.6')"" Conclusion: the variable it been filled up correctly, but the sub_filter_types looks to not process. " defect closed critical nginx-module 1.12.x invalid map subfilter Linux 09219196bcb5 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.12.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"