Allow internal redirect to URI x, but deny external request for x?

Francis Daly francis at daoine.org
Fri Aug 30 20:54:40 UTC 2019


On Fri, Aug 30, 2019 at 01:58:23PM -0500, J. Lewis Muir wrote:

Hi there,

>   location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) {
>     alias /srv/www/my-app/current/$1;
>     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
>     return 200 "realpath_root: $realpath_root\nfastcgi_script_name: $fastcgi_script_name\nfastcgi_path_info: $fastcgi_path_info\n";
>   }
> 
> which yields the following:
> 
>   $ curl http://localhost/my-app/
>   realpath_root: /srv/www/my-app/releases/1.0.2/index.php
>   fastcgi_script_name: /my-app/index.php
>   fastcgi_path_info:
> 
> That doesn't seem right.

Why not?

http://nginx.org/r/$realpath_root says it is the current root or alias
value, resolving symlinks.

The request was /my-app/, the current request is /my-app/index.php,
and you have alias'ed that to /srv/www/my-app/current/index.php

http://nginx.org/r/$fastcgi_script_name (and what follows) describes
the other variables.

The request is /my-app/index.php and your fastcgi_split_path_info sets
$fastcgi_script_name to "everything up to .php" and $fastcgi_path_info to
"everything after .php", so long as .php is followed by / -- which it
isn't, so both are unchanged from their defaults of "the uri" and "empty".

(I'm somewhat guessing about the last part there; a test can probably
demonstrate whether it is incorrect.)

Cheers,

	f
-- 
Francis Daly        francis at daoine.org
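
The test suggested in the message above, as an added example (not code from the thread or from nginx): a Python model of the two regexes in the quoted configuration. It assumes nginx's documented defaults when fastcgi_split_path_info does not match, ignores fastcgi_index and symlink resolution, and the helper names and sample URIs are constructed for illustration.

```python
import re

# Patterns and alias prefix copied from the quoted configuration.
LOCATION_RE = re.compile(r"^/my-app/(.*?[^/]\.php(?:/.*|$))")
SPLIT_RE = re.compile(r"^(.+?\.php)(/.*)$")
ALIAS_PREFIX = "/srv/www/my-app/current/"

# Constructed sample URIs (the first is the URI after the index redirect).
SAMPLE_URIS = [
    "/my-app/index.php",
    "/my-app/index.php/extra/path",
    "/my-app/a.php/b.php/c",
    "/my-app/index.phpx",
]


def split_path_info(uri):
    """Model fastcgi_split_path_info: return (script_name, path_info).

    On no match both values keep their defaults: the URI and "".
    """
    m = SPLIT_RE.match(uri)
    if m is None:
        return uri, ""
    return m.group(1), m.group(2)


def aliased_path(uri):
    """Model the regex location plus alias: mapped path before symlink
    resolution, or None when the location does not match."""
    m = LOCATION_RE.search(uri)
    if m is None:
        return None
    return ALIAS_PREFIX + m.group(1)


def describe(uri):
    script_name, path_info = split_path_info(uri)
    return {
        "alias": aliased_path(uri),
        "fastcgi_script_name": script_name,
        "fastcgi_path_info": path_info,
    }


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(uri, "->", describe(uri))
```

Note that for a URI with trailing path info the alias capture includes that trailing part, so the mapped path is not the script file itself.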

