From 5b2359c38ffff767099bd5cf47af1aabc8f86bdf Mon Sep 17 00:00:00 2001
From: Seth Grover <seth.d.grover@gmail.com>
Date: Mon, 1 Apr 2024 12:12:20 -0600
Subject: [PATCH] work in progress for idaholab/Malcolm#331, improvements to
 extracted_files_http_server.py and the setting/creation of ACL rules on
 hedgehog

---
 nginx/nginx.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 012035dbd..16cf274fd 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -199,6 +199,9 @@ http {
       proxy_set_header Host file-monitor.malcolm.local;
     }
 
+    # extracted file download hedgehog redirect
+    # TODO: this is not very secure: we need to validate somehow
+    #   that we're not just redirecting to some bad place
     location ~* ^/hh-extracted-files/([a-zA-Z0-9-\.]+)\b(.*) {
       include /etc/nginx/nginx_auth_rt.conf;
       set $upstream $1:8006;