Questions about proxy_pass and internal directives
Valentin V. Bartenev
ne at vbart.ru
Fri Oct 19 00:38:46 UTC 2012
On Friday 19 October 2012 04:08:21 mrtn wrote:
> Reinis Rozitis Wrote:
> -------------------------------------------------------
>
> > You are using 'internal' in a wrong way (at least judging from your
> > configuration excerpts).
> >
> > If you read the documentation
> > http://nginx.org/en/docs/http/ngx_http_core_module.html#internal you
> > should
> > see that internal locations can't be accessed directly from
> > client/browser
> > but need some sort of _internal_ redirect.
> >
> >
> >
> > If there is a need for a backend application to check for permissions
> > but
> > serve the file from nginx (while the same time denying direct access)
> > one
> > way to do it is making the backend application to send
> > 'X-Accel-Redirect'
> > header ( some examples: http://wiki.nginx.org/XSendfile ).
>
> That's exactly what I am doing.
>
> location ^~ /foo/bar/ {
> internal;
> proxy_pass http://127.0.0.1:8080;
> proxy_redirect off;
> }
>
> I use "internal" directive to block direct access to anything
> "/foo/bar/,,,", which seems to be what nginx is doing. At the same time, I
> proxy_pass the request to the backend application server to check for
> permissions. If success, the backend server sends a 'X-Accel-Redirect'
> header back to nginx to serve the file.
> [...]
It seems you misunderstand the "location" directive.
http://nginx.org/en/docs/http/ngx_http_core_module.html#location
"Sets a configuration based on a request URI.", that's all. You protect this
location (i.e. configuration, including proxy_pass and so on) from external
requests.
wbr, Valentin V. Bartenev
--
http://nginx.com/support.html
http://nginx.org/en/donation.html
More information about the nginx
mailing list