Questions about proxy_pass and internal directives

Valentin V. Bartenev ne at vbart.ru
Fri Oct 19 00:38:46 UTC 2012


On Friday 19 October 2012 04:08:21 mrtn wrote:
> Reinis Rozitis Wrote:
> -------------------------------------------------------
> 
> > You are using 'internal' in a wrong way (at least judging from your
> > configuration excerpts).
> > 
> > If you read the documentation
> > http://nginx.org/en/docs/http/ngx_http_core_module.html#internal you
> > should
> > see that internal locations can't be accessed directly from
> > client/browser
> > but need some sort of _internal_ redirect.
> > 
> > 
> > 
> > If there is a need for a backend application to check for permissions
> > but
> > serve the file from nginx (while the same time denying direct access)
> > one
> > way to do it is making the backend application to send
> > 'X-Accel-Redirect'
> > header ( some examples: http://wiki.nginx.org/XSendfile ).
> 
> That's exactly what I am doing.
> 
> location ^~ /foo/bar/ {
>                 internal;
>                 proxy_pass              http://127.0.0.1:8080;
>                 proxy_redirect         off;
> }
> 
> I use "internal" directive to block direct access to anything
> "/foo/bar/,,,", which seems to be what nginx is doing. At the same time, I
> proxy_pass the request to the backend application server to check for
> permissions. If success, the backend server sends a 'X-Accel-Redirect'
> header back to nginx to serve the file.
> [...]

It seems you misunderstand the "location" directive.
http://nginx.org/en/docs/http/ngx_http_core_module.html#location

"Sets a configuration based on a request URI.", that's all. You protect this 
location (i.e. configuration, including proxy_pass and so on) from external 
requests.

 wbr, Valentin V. Bartenev

--
http://nginx.com/support.html
http://nginx.org/en/donation.html



More information about the nginx mailing list