Mercurial > hg > nginx-site
annotate xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2963:c7bf5c9a1174
Linux packages: added Ubuntu 23.04 "lunar".
author | Konstantin Pavlov <thresh@nginx.com> |
---|---|
date | Wed, 10 May 2023 18:59:39 -0700 |
parents | a85e4d126bc7 |
children |
rev | line source |
---|---|
2956
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
1 <?xml version="1.0"?> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
2 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
3 <!-- |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
4 Copyright (C) Nginx, Inc. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
5 --> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
6 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
8 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
9 <module name="Module ngx_http_internal_redirect_module" |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
10 link="/en/docs/http/ngx_http_internal_redirect_module.html" |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
11 lang="en" |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
12 rev="1"> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
13 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
14 <section id="summary"> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
15 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
16 <para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
17 The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
18 making an internal redirect. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
19 In contrast to |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
20 <link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>, |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
21 the redirection is made after checking |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
22 <link doc="ngx_http_limit_req_module.xml">request</link> and |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
23 <link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits, |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
24 and <link doc="ngx_http_access_module.xml">access</link> limits. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
25 </para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
26 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
27 <para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
28 <note> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
29 This module is available as part of our |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
30 <commercial_version>commercial subscription</commercial_version>. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
31 </note> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
32 </para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
33 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
34 </section> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
35 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
36 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
37 <section id="example" name="Example Configuration"> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
38 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
39 <para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
40 <example> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
41 limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
42 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
43 server { |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
44 location / { |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
45 auth_jwt "realm"; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
46 auth_jwt_key_file key.jwk; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
47 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
48 internal_redirect @rate_limited; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
49 } |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
50 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
51 location @rate_limited { |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
52 internal; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
53 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
54 limit_req zone=jwt_sub burst=10; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
55 proxy_pass http://backend; |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
56 } |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
57 } |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
58 </example> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
59 The example implements |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
60 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
61 <link doc="ngx_http_limit_req_module.xml">rate limiting</link>. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
62 Implementation without <link id="internal_redirect">internal_redirect</link> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
63 is vulnerable to DoS attacks by unsigned JWTs, as normally the |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
64 <link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
65 check is performed |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
66 <link doc="../dev/development_guide.xml" id="http_phases">before</link> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
67 <link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
68 Using <link id="internal_redirect">internal_redirect</link> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
69 allows reordering these checks. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
70 </para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
71 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
72 </section> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
73 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
74 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
75 <section id="directives" name="Directives"> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
76 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
77 <directive name="internal_redirect"> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
78 <syntax><value>uri</value></syntax> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
79 <default/> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
80 <context>server</context> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
81 <context>location</context> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
82 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
83 <para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
84 Sets the URI for internal redirection of the request. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
85 It is also possible to use a |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
86 <link doc="ngx_http_core_module.xml" id="location_named">named location</link> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
87 instead of the URI. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
88 The <value>uri</value> value can contain variables. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
89 If the <value>uri</value> value is empty, |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
90 then the redirect will not be made. |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
91 </para> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
92 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
93 </directive> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
94 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
95 </section> |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
96 |
a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff
changeset
|
97 </module> |