nginx as a reverse proxy to limit http verb access

Question

So I've got an app that uses CouchDB as the backend. Couch doesn't really have it's security/user model in place yet, and by default anyone can do anything (including deleting records and even the entire database). But, if we limit access to only GET requests we're much safer.

I was hoping I could put nginx out front as a reverse proxy, but I can't find an option that lets you filter requests based on the verb coming in. Pound does this so I'm thinking of going that route, but we already use nginx extensively and it would be nice not to have to add another technology in the mix. Anyone know if there's an option that will let this happen?

I'd even settle for a mod_proxy option in Apache. Any ideas?

Answer 1

You can get access to the HTTP request type from the $request_method variable. So:

location / {
  if ($request_method = 'GET') {
    proxy_pass couchdb_backend;
  }
}