Matching & Acting upon Headers received from Upstream with proxy_pass
Alec Muffett
alec.muffett at gmail.com
Fri Feb 1 14:32:18 UTC 2019
On Fri, 1 Feb 2019 at 13:30, Maxim Dounin <mdounin at mdounin.ru> wrote:
Hi Maxim!
> The 406 looks wrong to me. It tells the client that the response
> is not acceptable as per accept headers in the request. In your
> case it is more like 500,
Concur. I did some research on Wikipedia and followed Cloudflare's example
to use 520.
> Note well that HTTP servers are allowed to return gzipped
> responses even to requests with "Accept-Encoding: identify".
> Quoting RFC 2616 (https://tools.ietf.org/html/rfc2616#section-10.4.7):
>
> Note: HTTP/1.1 servers are allowed to return responses which are
> not acceptable according to the accept headers sent in the
> request. In some cases, this may even be preferable to sending a
> 406 response. User agents are encouraged to inspect the headers of
> an incoming response to determine if it is acceptable.
>
Being a reverse proxy, in a sense it is that sort of inspection which I am
attempting :-)
They are certainly allowed to do it in this circumstance, but it's not
helpful for the proxy in question.
> This is not going to work as rewrite module directives are
> processed while selecting a configuration to work with (see
> http://nginx.org/en/docs/http/ngx_http_rewrite_module.html).
> Obviously enough this happens before the request is passed to the
> upstream, and before the response is received.
>
Yep. NGINX is a marvel, but working out which bits of configuration are
executed in what order is still a challenge for me without coffee.
> You should be able to do what you want by writing a header filter
> which will check headers returned and will return an error if
> these headers don't match your expectations.
>
Eventually I went with this, using Lua; I am still trying to work out how
to make it return an informative message AS WELL AS the 520 error code,
perhaps by using an internal redirect?
I am wondering whether a header filter can cause an internal redirect to a
more useful "520 page".
Thank you for getting back to me! :-)
- alec
Extract from:
https://github.com/alecmuffett/eotk/blob/master/templates.d/nginx.conf.txt
init_by_lua_block {
    Dictionary = function (list)
        local set = {}
        for _, l in ipairs(list) do set[l] = true end
        return set
    end
    is_compression = Dictionary{ "br", "compress", "deflate", "gzip", }
}
header_filter_by_lua_block {
    local ce = ngx.var.upstream_http_content_encoding or ""
    if is_compression[ce] then
        -- I'd prefer to do something nice like this:
        -- ngx.status = 520
        -- ngx.say("upstream content was compressed and therefore not rewritable")
        -- ngx.exit(ngx.OK)
        -- ...but say() needs an API that is not available in this phase:
        -- https://github.com/openresty/lua-nginx-module#header_filter_by_lua
        -- therefore:
        ngx.exit(520) -- en.wikipedia.org/wiki/List_of_HTTP_status_codes
    end
}
--
http://dropsafe.crypticide.com/aboutalecm
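
The lookup in the extract above matches the whole Content-Encoding value exactly. As an added example (not part of the original message and not EOTK code), this stand-alone Lua function lowercases and splits the value before the lookup, because the header is a case-insensitive, comma-separated list of codings; the name `compression_in` and the sample values are hypothetical.

```lua
-- Added example, not EOTK code. Runs in plain Lua, outside nginx.
-- Assumption: the same four coding names as the extract above.
local COMPRESSION = { br = true, compress = true, deflate = true, gzip = true }

-- Return the first compression coding named in a Content-Encoding header
-- value, or nil if none is present. The value is a comma-separated list of
-- case-insensitive codings (RFC 7231 section 3.1.2), so "GZIP" and
-- "identity, br" must both be detected.
local function compression_in(header_value)
    if type(header_value) ~= "string" then
        return nil -- header absent
    end
    for token in header_value:gmatch("[^,]+") do
        -- trim surrounding whitespace, then normalise case
        local coding = token:match("^%s*(.-)%s*$"):lower()
        if COMPRESSION[coding] then
            return coding
        end
    end
    return nil
end

-- Constructed sample header values (not captured traffic) with the
-- result expected for each.
local samples = {
    { "gzip",          "gzip"    },
    { "GZIP",          "gzip"    },
    { " deflate , br", "deflate" },
    { "identity, br",  "br"      },
    { "identity",      nil       },
    { "",              nil       },
}
for _, s in ipairs(samples) do
    assert(compression_in(s[1]) == s[2], "unexpected result for: " .. s[1])
end
assert(compression_in(nil) == nil)

-- Inside header_filter_by_lua_block the check would then read:
--   if compression_in(ngx.var.upstream_http_content_encoding) then
--       ngx.exit(520)
--   end
```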