Allow internal redirect to URI x, but deny external request for x?

lists lists at lazygranch.com
Fri Aug 30 21:23:43 UTC 2019


I've been following this thread not really out of need but rather because it is really interesting. That said, I don't think for security you want to "escape" the web root. The risk is that it might aid a traversal attack.

Original Message

From: hobson42 at gmail.com
Sent: August 30, 2019 12:01 PM
To: nginx at nginx.org
Reply-to: nginx at nginx.org
Subject: Re: Allow internal redirect to URI x, but deny external request for x?


Hi Lewis,

On 30/08/19 18:33, J. Lewis Muir wrote:
> Hello!
>
> I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that
> uses a deployment structure which uses an atomic symlink change for an
> atomic app deploy, and I'm wishing to be able to do an internal redirect
> in nginx to URL x, but deny an external request to the same URL x so
> that I don't serve the same content at more than one URL.  Is there a
> way to do that?
>
You could place the different versions away from the root so they cannot
be obtained from the web. Then they can be served by setting up a
symlink to the desired version.

This can be changed using "ln -sfn version/dir serving/root" and then
restarting nginx to pick up the new version.

By not using redirects, this method should be more efficient.

Regards

Ian

--
Ian Hobson

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
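
An added example, not part of the thread and not code from either poster: one way to do the symlink switch described above so that the link can only point inside the releases directory (the traversal concern raised in the reply) and is replaced by a single rename. The function name, arguments and return codes are hypothetical, and GNU mv (for -T) is assumed, as on RHEL.

```shell
#!/bin/sh
# Added example. switch_release and its arguments are hypothetical names.
#
# switch_release RELEASES_DIR VERSION LINK
#   Points LINK at RELEASES_DIR/VERSION.
#   Returns 0 on success, 2 if RELEASES_DIR is unusable, 3 if the version
#   directory does not exist, 4 if it resolves outside RELEASES_DIR,
#   5 or 6 if the link could not be created or swapped.
switch_release() {
    releases=$1
    version=$2
    link=$3

    # Resolve both paths physically (pwd -P follows symlinks and removes
    # ".."), so neither "../somewhere" nor a symlinked version directory
    # can point the served root at an arbitrary location.
    base=$(cd "$releases" 2>/dev/null && pwd -P) || return 2
    target=$(cd "$releases/$version" 2>/dev/null && pwd -P) || return 3
    case "$target" in
        "$base"/*) ;;        # strictly inside the releases directory
        *) return 4 ;;       # base itself, or anything outside it
    esac

    # "ln -sfn" may remove the old link before creating the new one (older
    # GNU coreutils do), which leaves a moment with no link at all.
    # Create the new link under a temporary name and rename it over the
    # old one; rename(2) replaces the destination in one step.
    tmp="$link.tmp.$$"
    ln -s "$target" "$tmp" || return 5
    mv -T "$tmp" "$link" || { rm -f "$tmp"; return 6; }
}
```

Called as, for example, switch_release /srv/app/releases v2 /srv/app/current (constructed paths); a rejected version leaves the existing link untouched.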