Allow internal redirect to URI x, but deny external request for x?

lists lists at
Fri Aug 30 21:23:43 UTC 2019

I've been following this thread not really out of need but rather because it is really interesting. That said, I don't think for security you want to "escape" the web root. The risk is that it might aid a traversal attack.

	  Original Message  

From: hobson42 at
Sent: August 30, 2019 12:01 PM
To: nginx at
Reply-to: nginx at
Subject: Re: Allow internal redirect to URI x, but deny external request for x?

Hi Lewis,

On 30/08/19 18:33, J. Lewis Muir wrote:
> Hello!
> I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that
> uses a deployment structure which uses an atomic symlink change for an
> atomic app deploy, and I'm wishing to be able to do an internal redirect
> in nginx to URL x, but deny an external request to the same URL x so
> that I don't serve the same content at more than one URL.  Is there a
> way to do that?
You could place the different versions away from the root so they cannot
be obtained from the web. Then they can be served by setting up a
symlink to the desired version.

This can be changed using "ln -sfn version/dir serving/root" and then
restarting nginx to pick up the new version.

By not using redirects, this method should be more efficient.



Ian Hobson
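
The symlink switch described above, combined with a containment check that addresses the traversal concern raised in the reply, as an added example (not code from the thread). The function names `resolve_dir` and `switch_release` and the directory layout are hypothetical, and the nginx restart is left out.

```shell
#!/bin/sh
# Added example: repoint a serving symlink at a release directory, but only
# when that directory physically resolves to a path below the releases base.
# All names and paths here are hypothetical.

# resolve_dir DIR -> prints the physical (symlink-free) path of DIR
resolve_dir() {
    ( CDPATH= cd -- "$1" 2>/dev/null && pwd -P )
}

# switch_release BASE NAME LINK
# Return codes: 0 switched, 2 bad base, 3 no such release, 4 outside base.
switch_release() {
    base=$(resolve_dir "$1") || return 2
    target=$(resolve_dir "$1/$2") || return 3
    case "$target" in
        "$base"/*) ;;       # strictly below the base: accept
        *) return 4 ;;      # the base itself, "..", or a symlink leading out
    esac
    # Same command as in the message: -n keeps ln from descending into the
    # directory the existing link points at.
    ln -sfn "$target" "$3"
}

# Constructed layout: two releases, one directory outside the base, and a
# symlink inside the base that points out of it.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/releases/v1" "$root/releases/v2" "$root/outside"
    ln -s ../outside "$root/releases/escape"
    for name in v1 v2 ../outside escape missing; do
        rc=0
        switch_release "$root/releases" "$name" "$root/current" || rc=$?
        echo "$name -> rc=$rc"
    done
    rm -rf "$root"
}

demo
```

The check compares physical paths, so a release name containing `..` and a symlink planted inside the releases directory are both rejected before the serving link changes.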
