Mercurial > hg > nginx-site

comparison xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2956:a85e4d126bc7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 02 May 2023 11:39:21 +0100
parents
children
comparison
equal deleted inserted replaced
2955:2c4d7151b9a9 2956:a85e4d126bc7
1 <?xml version="1.0"?>
2
3 <!--
4 Copyright (C) Nginx, Inc.
5 -->
6
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
8
9 <module name="Module ngx_http_internal_redirect_module"
10 link="/en/docs/http/ngx_http_internal_redirect_module.html"
11 lang="en"
12 rev="1">
13
14 <section id="summary">
15
16 <para>
17 The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows
18 making an internal redirect.
19 In contrast to
20 <link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>,
21 the redirection is made after checking
22 <link doc="ngx_http_limit_req_module.xml">request</link> and
23 <link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits,
24 and <link doc="ngx_http_access_module.xml">access</link> limits.
25 </para>
26
27 <para>
28 <note>
29 This module is available as part of our
30 <commercial_version>commercial subscription</commercial_version>.
31 </note>
32 </para>
33
34 </section>
35
36
37 <section id="example" name="Example Configuration">
38
39 <para>
40 <example>
41 limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s;
42
43 server {
44 location / {
45 auth_jwt "realm";
46 auth_jwt_key_file key.jwk;
47
48 internal_redirect @rate_limited;
49 }
50
51 location @rate_limited {
52 internal;
53
54 limit_req zone=jwt_sub burst=10;
55 proxy_pass http://backend;
56 }
57 }
58 </example>
59 The example implements
60 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link>
61 <link doc="ngx_http_limit_req_module.xml">rate limiting</link>.
62 Implementation without <link id="internal_redirect">internal_redirect</link>
63 is vulnerable to DoS attacks by unsigned JWTs, as normally the
64 <link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link>
65 check is performed
66 <link doc="../dev/development_guide.xml" id="http_phases">before</link>
67 <link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check.
68 Using <link id="internal_redirect">internal_redirect</link>
69 allows reordering these checks.
70 </para>
71
72 </section>
73
74
75 <section id="directives" name="Directives">
76
77 <directive name="internal_redirect">
78 <syntax><value>uri</value></syntax>
79 <default/>
80 <context>server</context>
81 <context>location</context>
82
83 <para>
84 Sets the URI for internal redirection of the request.
85 It is also possible to use a
86 <link doc="ngx_http_core_module.xml" id="location_named">named location</link>
87 instead of the URI.
88 The <value>uri</value> value can contain variables.
89 If the <value>uri</value> value is empty,
90 then the redirect will not be made.
91 </para>
92
93 </directive>
94
95 </section>
96
97 </module>