Nginx Cache and WP canonical URL create infinite loop (bug ?)
Simone Fumagalli
simone.fumagalli at contactlab.com
Wed Nov 23 16:26:54 UTC 2011
Hello everybody.
Just want to report this to all people who have an NGINX that cache request in front a Wordpress installation
Scenario
- Nginx is configured as reverse proxy in front of an Apache that run Wordpress.
- proxy_cache_key is not defined so is $scheme$proxy_host$request_uri;
Let's say a client require the page http://www.mysite.com/my-page// (yes double slash at the end) that is not cached
1) Nginx pass the request to Apache/Wordpress
2) Apache/Wordpress process the request and reply with a 301 and sends the client to http://www.mysite.com/my-page/ because is the canonical URL
3) Nginx save in the cache the response with these data
KEY: http://www.mysite.com/my-page/
HTTP/1.0 301 Moved Permanently
[..]
Location: http://www.mysite.com/my-page/
[..]
As you can see the KEY is equal to Location
4) The user/browser send a request for http://www.mysite.com/my-page/ (just one slash)
5) Nginx find the key in the cache and so redirect the browser to http://www.mysite.com/my-page/ causing an infinite loop
Conclusions
- All the users that require the page http://www.mysite.com/my-page/ while is cached are send in the loop
- This happen of course also for requests with a number of slashes at the end > 2
- I can't call this bug but is just an "unexpected" behaviour, for sure a malicious user can overload your site or make pages un-available with these kind of requests.
- There are probably other type of URL that create this situation. Have found any until now, can someone point one out ?
- Is there a way to avoid this ?
Thanks
--
Simone
More information about the nginx
mailing list