virtual include authorization using proxy_pass and X-Accel-Redirect
Igor Sysoev
is at rambler-co.ru
Tue Dec 9 14:03:14 MSK 2008
On Mon, Dec 08, 2008 at 08:32:36PM +0100, Hannes Haug wrote:
> I'd like to implement authorization using proxy_pass and X-Accel-Redirect like
>
> # Pass all requests to the application server.
> # This performs access control and returns either
> # X-Accel-Redirect: /internal/... (allow)
> # or status 403 (deny).
> location / {
> proxy_path http://application_server:port
> }
>
> # Serve resources checked by the application.
> location /internal/ {
> internal;
> rewrite ^/internal/(.*) $1;
> }
>
> Is there a way to enforce this authorization for virtual includes, too?
> <!--# include virtual="/internal/..."-->
> seems to bypass the check since it's an internal request.
You should use some other prefix in virtual include to pass it
to the application_server:port as "/internal/..." goes directly to
location /internal/.
A side note: instead of
location /internal/ {
rewrite ^/internal/(.*) $1;
it's better to use
location /internal/ {
alias /path/to/root/;
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list