Nginx read secret and webhook headers

networking nginx

A Webhook from Github is passing through Nginx proxy.

The webhook uses secret and the header is sent as X-Hub-Signature-256.

I want to make Nginx filtering requests, i.e I need Nginx to take the webhook header value and compare it to $SECRET_TOKEN. If the secret is right, it will send 200 and If not, 403.

I thought of something like this, but could find a way to implement it:

server {
  listen 80;
  server_name _;

  location /payload {
      
      #Read the header sent by the webhook
      #If the header content matches $SECRET_TOKEN I defined on Nginx then return 200
      #Else, return 403 
  }
}

Please help with implementing this pseudo as I couldn't find any example online.

Thanks in advance.


Solution 1:

On http level, create a map:

map $http_x_hub_signature_256 $retcode {
    <token> 200;
    default 403;
}

And your location would be:

location /payload {
    return $retcode;
}

Related

How to setup a master-slave connection with an invisible master? [closed]
What is rotating my mail logs
What happens when ZFS RAID0 or RAID1 (single disk) detects data faults?
Can CDN caching prevent DoS attacks?
Firewalld insert rule before ESTABLISHED
Why the parent process of sudo -u remains in ps as root user? is it possible to avoid it? If not is it safe?
samba share but sub folders are not readable
Is there a REST API for Windows Server Update Catalog?
AWS: can't duplicate DNS settings for an existant domain
How to combine 2 list based on a common key value in Ansible Jinja2
Uniqueness of UUID substring
Estimate/Print csv COPY status to postgresql table