unexpected location regex behaviour

Peter Molnar hello at petermolnar.eu
Wed Mar 9 11:31:08 UTC 2016


Dear nginx.org,

I'm facing some strange, unexpected regex behaviour in my setup.
Nginx is 1.9.12, self compiled, with openssl-1.0.2g and with the
following modules:
- echo-nginx-module (https://github.com/agentzh/echo-nginx-module.git)
- headers-more-nginx-module (https://github.com/agentzh/headers-more-nginx-module.git)
- ngx_upstream_status (https://github.com/petermolnar/ngx_upstream_status.git)
- ngx-fancyindex (https://github.com/aperezdc/ngx-fancyindex.git)
- ngx_devel_kit (https://github.com/simpl/ngx_devel_kit.git)
- set-misc-nginx-module (https://github.com/openresty/set-misc-nginx-module)

Apart from this issue, everything is fine and working as expected.


The regexes
-----------

```
location ~ "^(?:(?!.*/files/.*-[0-9]{2,4}x[0-9]{2,4}).)*\.jpe?g$" {
    rewrite ^/files(.*) /wp-content/files$1 last;
    allow 127.0.0.1;
    deny all;
}

location ~ "^/files/(.*)$" {
    try_files /wp-content/cache/$1 /wp-content/files/$1 @filesmagic;
}

location @filesmagic {
    rewrite "^/files/(.*?)-[0-9]{2,4}x[0-9]{2,4}\.jpg$" /wp-content/cache/$1-180x180.jpg last;
}
```

Expected behaviour
------------------

The goal of the first rule is to block access to original, unresized
files in a WordPress setup. Resized files all match the
filename-[width]x[height].jpe?g pattern, therefore if a query is jpg,
but doesn't match this, it should be blocked outside of localhost.

The second is to have shorter urls and checks for file existence in
cache and files folder; in case it fails, it should go to the
@filesmagic location.

In @filesmagic, in case the pattern matches the aforementioned resized
jpg format, but the file doesn't exist (that is how we should have
gotten into this location block) show a smaller version which should
always exist.

This is what should happen:
http://domain.com/files/large_original_image.jpg
- full size image, should be blocked

http://domain.com/files/large_original_image-1280x1280.jpg
- resized image, file exists, should be served

http://domain.com/files/large_original_image-800x800.jpg
- resized image, file does not exist, smaller file should be served



The actual behaviour
--------------------

When a nonexistent size is queried, the first rule is hit, thus it gets
blocked and returns a 403.

This is what happens:

http://domain.com/files/large_original_image.jpg
- full size image, blocked

http://domain.com/files/large_original_image-1280x1280.jpg
- resized image, file exists, served

http://domain.com/files/large_original_image-800x800.jpg
- resized image, file does not exist, blocked by first rule


It is for sure blocked by that rule; in case the block is removed, the
serving of smaller image instead of nonexistent is working as expected.


Any help would be appreciated.


Thank you in advance,
-- 
Peter Molnar

hello at petermolnar.eu
https://petermolnar.eu
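
Added example, not part of the original post: a small Python model of how the three location blocks above are selected for the three URLs, re-running location matching after each `rewrite ... last` as nginx does. The on-disk file list is constructed, Python's `re` stands in for PCRE, and `trace` is a hypothetical helper that covers only these three blocks for a non-local client.

```python
import re

# Regexes copied from the post's location blocks (nginx uses PCRE; Python's
# re module evaluates these particular patterns the same way).
DENY_RE = re.compile(r"^(?:(?!.*/files/.*-[0-9]{2,4}x[0-9]{2,4}).)*\.jpe?g$")
FILES_RE = re.compile(r"^/files/(.*)$")
MAGIC_RE = re.compile(r"^/files/(.*?)-[0-9]{2,4}x[0-9]{2,4}\.jpg$")

# Constructed sample of files present under the document root (assumption).
ON_DISK = {
    "/wp-content/files/large_original_image.jpg",
    "/wp-content/cache/large_original_image-1280x1280.jpg",
    "/wp-content/cache/large_original_image-180x180.jpg",
}

def trace(uri, max_redirects=10):
    """Return (outcome, URIs that went through location matching)."""
    seen = []
    for _ in range(max_redirects):
        seen.append(uri)
        if DENY_RE.search(uri):
            # First location: the rewrite runs before the allow/deny check.
            new = re.sub(r"^/files(.*)", r"/wp-content/files\1", uri)
            if new != uri:
                uri = new
                continue  # "last": search for a location again
            return "403", seen  # deny all (client is not 127.0.0.1)
        m = FILES_RE.search(uri)
        if m:
            # try_files serves an existing candidate in this same location.
            for cand in ("/wp-content/cache/" + m.group(1),
                         "/wp-content/files/" + m.group(1)):
                if cand in ON_DISK:
                    return "200 " + cand, seen
            # Fallback to @filesmagic: rewrite to the 180x180 variant.
            new = MAGIC_RE.sub(r"/wp-content/cache/\1-180x180.jpg", uri)
            if new != uri:
                uri = new
                continue  # "last": search for a location again
            return "404", seen
        return ("200 " + uri if uri in ON_DISK else "404"), seen
    return "500", seen  # rewrite cycle limit reached

if __name__ == "__main__":
    for name in ("", "-1280x1280", "-800x800"):
        print(trace("/files/large_original_image%s.jpg" % name))
```

For the `-800x800` URL the model reports a second location search on `/wp-content/cache/large_original_image-180x180.jpg`. That rewritten URI contains no `/files/` segment, so the negative lookahead in the first regex never fires and the deny block matches it.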