See these pages for info on why you may want this: http://plone.org/products/plone/security/advisories/cve-2011-0720 and http://plone.org/documentation/kb/disable-logins-for-a-plone-site
If you want to change lots of nginx config files to temporarily switch off login (authentication) and cookies, you can use this bash script at your own risk:
#! /bin/bash
# Note: /bin/sh would be better, but at least when that points to
# /bin/dash it complains about some of my usage of 'test'.
cat <<EOF
This script looks for nginx files in the current directory. Actually,
it looks for files having at least one occurrence of 'proxy_pass'.
After each line with 'proxy_pass' it inserts two new lines:
proxy_set_header Cookie null;
proxy_set_header Authorization null;
See these pages for info on why you may want this:
http://plone.org/products/plone/security/advisories/cve-2011-0720
http://plone.org/documentation/kb/disable-logins-for-a-plone-site
As a safety measure it copies the original filename.extension to
filename.extension.ori.
NO WARRANTY AT ALL. ASSUME THIS DELETES ALL YOUR FILES!
COPY ALL FILES IN THE CURRENT DIRECTORY TO A BACKUP LOCATION,
PREFERABLY ON A DIFFERENT CONTINENT.
In other words: USE THIS AT YOUR OWN RISK.
Maurits van Rees
EOF
DRYRUN='yes'
if test "x$1" == "xyes"; then
echo "This is NOT a dry run."
DRYRUN=
else
echo "This is a dry run."
echo "Run with '$0 yes' to really change the files."
fi
for CONFFILE in *; do
if test $(grep -c 'proxy_pass' $CONFFILE) -eq 0; then
echo "No match: $CONFFILE"
else
if test $DRYRUN; then
echo "Would change $CONFFILE and keep backup in $CONFFILE.ori"
else
if test -e $CONFFILE.ori; then
echo "NOT changing $CONFFILE: $CONFFILE.ori already exists."
else
echo "Changing $CONFFILE and keeping backup in $CONFFILE.ori"
# 'cp -n' means: do not overwrite an existing file
cp -n $CONFFILE $CONFFILE.ori
sed 's/proxy_pass.*$/&\
proxy_set_header Cookie null;\
proxy_set_header Authorization null;/' $CONFFILE.ori > $CONFFILE
fi
fi
fi
done
echo "Do not forget to reload or restart nginx after changes."