Allow internal redirect to URI x, but deny external request for x?
Francis Daly
francis at daoine.org
Fri Aug 30 20:54:40 UTC 2019
On Fri, Aug 30, 2019 at 01:58:23PM -0500, J. Lewis Muir wrote:
Hi there,
> location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) {
> alias /srv/www/my-app/current/$1;
> fastcgi_split_path_info ^(.+?\.php)(/.*)$;
> return 200 "realpath_root: $realpath_root\nfastcgi_script_name: $fastcgi_script_name\nfastcgi_path_info: $fastcgi_path_info\n";
> }
>
> which yields the following:
>
> $ curl http://localhost/my-app/
> realpath_root: /srv/www/my-app/releases/1.0.2/index.php
> fastcgi_script_name: /my-app/index.php
> fastcgi_path_info:
>
> That doesn't seem right.
Why not?
http://nginx.org/r/$realpath_root says is it the current root or alias
value, resolving symlinks.
The request was /my-app/, the current request is /my-app/index.php,
and you have alias'ed that to /srv/www/my-app/current/index.php
http://nginx.org/r/$fastcgi_script_name (and what follows) describes
the other variables.
The request is /my-app/index.php and your fastcgi_split_path_info sets
$fastcgi_script_name to "everything up to .php" and $fastcgi_path_info to
"everything after .php", so long as .php is followed by / -- which it
isn't, so both are unchanged from their defaults of "the uri" and "empty".
(I'm somewhat guessing about the last part there; a test can probably
demonstrate whether it is incorrect.)
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list