Anything wrong with using 599, 598 error codes for logic?

Maxim Dounin mdounin at mdounin.ru
Mon Jun 29 15:10:16 MSD 2009


Hello!

On Sat, Jun 27, 2009 at 01:36:33PM -0400, brianmercer wrote:

> I'm new here, thanks.  I'm writing rules for Drupal using the Boost static caching module (like wp-super-cache).  Is there anything wrong with using fake error codes like 599, 598 and internal locations to control logic?

It should work with recent nginx versions (0.7.51+) but may 
produce strange results as long as this errors escape to user due 
to config errors.  And actually I see no reason to do so in your 
config, 405 (Method Not Allowed) looks appropriate in your config.

> server {
> 	listen  80;
> 	server_name  example.com;
> 	access_log /var/log/nginx/example.com.access.log;
> 	error_log /var/log/nginx/example.com.error.log;
> 	root /var/example.com;
> 	index index.php;
> 
> 	if ($host !~* ^(example.com)$ ) { # deny illegal host headers
> 		return 444;
> 	}

It's much better to setup separate default server for this.  E.g.

server {
    listen  80  default;
    server_name_in_redirect  off;

    return 444;
}

> 	location / {
> 		rewrite ^/(.*)/$ /$1 permanent; # remove trailing slashes for SEO
> 		error_page 404 @drupal; 
> 
> 		try_files $uri @cache;

Directive error_page seems unneeded here.  Additionally it looks 
wrong (note that there is no '=').

> 	}
> 
> 	location @cache {
> 		if ( $request_method !~ GET ) { 
> 			return 599;
> 		}
> 		if ($http_cookie ~ "DRUPAL_UID") {
> 			return 599;
> 		}
> 		error_page 599 = @drupal;
> 
> 		expires epoch;
> 		add_header Cache-Control "must-revalidate, post-check=0, pre-check=0";
> 		charset utf-8;
> 
> 		try_files /cache/$host${uri}_$args.html @drupal;
> 	}
> 
> 	location @drupal {
> 		rewrite ^/(.*)$ /index.php?q=$1 last;
> 	}
> 
> 	location ~ \.php$ {
> 		try_files $uri @drupal; #check for existence of php file
> 		fastcgi_pass 127.0.0.1:9000;
> 		fastcgi_index index.php;
> 		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
> 		include /etc/nginx/fastcgi_params;
> 	}
> 
> 	location ~ \.css$ {
> 		if ( $request_method !~ GET ) {
> 			return 598;
> 		}
> 		if ($http_cookie ~ "DRUPAL_UID") {
> 			return 598;
> 		}
> 		error_page 598 = @x598;
> 
> 		access_log      off;
> 		error_log /dev/null crit; # prevent debugging  if compiled --with-debug
> 		expires         max; #if using aggregator
> 
> 		try_files /cache/$host${uri}_.css $uri @x404;
> 	}
> 	
> 	location ~ \.js$ {
> 		if ( $request_method !~ GET ) {
> 			return 598;
> 		}
> 		if ($http_cookie ~ "DRUPAL_UID") {
> 			return 598;
> 		}
>     error_page 598 = @x598;
> 
> 		access_log  off;
> 		expires  max; # if using aggregator
> 
> 		try_files /cache/$host${uri}_.js $uri @x404;
> 	}
> 
> 	location @x598 {
> 		access_log  off;
> 		expires  max; # max if using aggregator, otherwise sane expire time
> 	}
> 
> 	location ~* ^.+\.(jpg|jpeg|gif|png|ico)$ {
> 		if ($http_referer !~ ^(http://example.com) ) { # prevent image hijacking
> 			return 444;
> 		}
> 
> 		access_log      off;
> 		expires         45d;
> 
> 		try_files $uri @x404;

It should be enough to use 

    try_files  $uri  =404;

instead as of 0.7.51+.

Maxim Dounin

> 	}
> 
> 	location @x404 {
> 		return 404;
> 	}
> 
> 	location ~ /\. {
> 		deny all;
> 	}
> 
> 	location ~* ((cron\.php|settings\.php)|\.(htaccess|engine|inc|info|install|module|profile|pl|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(Entries.*|Repository|Root|Tag|Template))$ {
> 		deny all;
> 	}
> }
> 
> 
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,3482,3482#msg-3482
> 
> 





More information about the nginx mailing list