unexpected location regex behaviour
Peter Molnar
hello at petermolnar.eu
Wed Mar 9 11:31:08 UTC 2016
Dear nginx.org,
I'm facing some strange, unexpected regex behaviour in my setup.
Nginx is 1.9.12, self compiled, with openssl-1.0.2g and with the
following modules:
- echo-nginx-module (https://github.com/agentzh/echo-nginx-module.git)
- headers-more-nginx-module
(https://github.com/agentzh/headers-more-nginx-module.git)
- ngx_upstream_status
(https://github.com/petermolnar/ngx_upstream_status.git)
- ngx-fancyindex (https://github.com/aperezdc/ngx-fancyindex.git)
- ngx_devel_kit (https://github.com/simpl/ngx_devel_kit.git)
- set-misc-nginx-module (https://github.com/openresty/set-misc-nginx-module)
Apart from this issue, everything is fine and working as expected.
The regexes
-----------
```
location ~ "^(?:(?!.*/files/.*-[0-9]{2,4}x[0-9]{2,4}).)*\.jpe?g$" {
rewrite ^/files(.*) /wp-content/files$1 last;
allow 127.0.0.1;
deny all;
}
location ~ "^/files/(.*)$" {
try_files /wp-content/cache/$1 /wp-content/files/$1 @filesmagic;
}
location @filesmagic {
rewrite "^/files/(.*?)-[0-9]{2,4}x[0-9]{2,4}\.jpg$"
/wp-content/cache/$1-180x180.jpg last;
}
```
Expected behaviour
------------------
The goal of the first rule is to block access to original, unresized
files in a WordPress setup. Resized files all match the
filename-[width]x[height].jpe?g pattern, therefore if a query is jpg,
but doesn't match this, it should be blocked outside of localhost.
The second is to have shorter urls and checks for file existence in
cache and files folder; in case it fails, it should go to the
@filesmagic locations.
In @filesmagic, in case the pattern matches the afromentioned resized
jpg format, but the file doesn't exist ( that is how we should have
gotten into this location block ) show a smaller version which should
always exist.
This is what should happen:
http://domain.com/files/large_original_image.jpg
- full size image, should be blocked
http://domain.com/files/large_original_image-1280x1280.jpg
- resized image, file exists, should be served
http://domain.com/files/large_original_image-800x800.jpg
- resized image, file does not exist, smaller file should be served
The actual behaviour
--------------------
When a nonexistent size is queried, the first rule is hit, thus it gets
blocked and returns a 403.
This is what happens:
http://domain.com/files/large_original_image.jpg
- full size image, blocked
http://domain.com/files/large_original_image-1280x1280.jpg
- resized image, file exists, served
http://domain.com/files/large_original_image-800x800.jpg
- resized image, file does not exist, blocked by first rule
Tt is for sure blocked by that rule; in case the block is removed, the
serving of smaller image instead of nonexistent is working as expected.
Any help would be appreciated.
Thank you in advance,
--
Peter Molnar
hello at petermolnar.eu
https://petermolnar.eu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x6C1F051F.asc
Type: application/pgp-keys
Size: 22235 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160309/ec799306/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160309/ec799306/attachment-0001.bin>
More information about the nginx
mailing list