Mercurial > hg > nginx-site

annotate xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2956:a85e4d126bc7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 02 May 2023 11:39:21 +0100
parents
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2956
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
1 <?xml version="1.0"?>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
2
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
3 <!--
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
4 Copyright (C) Nginx, Inc.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
5 -->
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
6
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
8
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
9 <module name="Module ngx_http_internal_redirect_module"
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
10 link="/en/docs/http/ngx_http_internal_redirect_module.html"
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
11 lang="en"
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
12 rev="1">
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
13
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
14 <section id="summary">
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
15
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
16 <para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
17 The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
18 making an internal redirect.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
19 In contrast to
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
20 <link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>,
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
21 the redirection is made after checking
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
22 <link doc="ngx_http_limit_req_module.xml">request</link> and
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
23 <link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits,
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
24 and <link doc="ngx_http_access_module.xml">access</link> limits.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
25 </para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
26
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
27 <para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
28 <note>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
29 This module is available as part of our
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
30 <commercial_version>commercial subscription</commercial_version>.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
31 </note>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
32 </para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
33
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
34 </section>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
35
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
36
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
37 <section id="example" name="Example Configuration">
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
38
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
39 <para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
40 <example>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
41 limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s;
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
42
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
43 server {
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
44 location / {
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
45 auth_jwt "realm";
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
46 auth_jwt_key_file key.jwk;
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
47
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
48 internal_redirect @rate_limited;
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
49 }
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
50
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
51 location @rate_limited {
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
52 internal;
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
53
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
54 limit_req zone=jwt_sub burst=10;
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
55 proxy_pass http://backend;
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
56 }
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
57 }
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
58 </example>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
59 The example implements
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
60 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
61 <link doc="ngx_http_limit_req_module.xml">rate limiting</link>.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
62 Implementation without <link id="internal_redirect">internal_redirect</link>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
63 is vulnerable to DoS attacks by unsigned JWTs, as normally the
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
64 <link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
65 check is performed
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
66 <link doc="../dev/development_guide.xml" id="http_phases">before</link>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
67 <link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
68 Using <link id="internal_redirect">internal_redirect</link>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
69 allows reordering these checks.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
70 </para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
71
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
72 </section>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
73
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
74
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
75 <section id="directives" name="Directives">
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
76
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
77 <directive name="internal_redirect">
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
78 <syntax><value>uri</value></syntax>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
79 <default/>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
80 <context>server</context>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
81 <context>location</context>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
82
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
83 <para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
84 Sets the URI for internal redirection of the request.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
85 It is also possible to use a
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
86 <link doc="ngx_http_core_module.xml" id="location_named">named location</link>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
87 instead of the URI.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
88 The <value>uri</value> value can contain variables.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
89 If the <value>uri</value> value is empty,
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
90 then the redirect will not be made.
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
91 </para>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
92
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
93 </directive>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
94
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
95 </section>
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
96
a85e4d126bc7 Updated docs for the upcoming NGINX Plus release.
Yaroslav Zhuravlev <yar@nginx.com>
parents:
diff changeset
97 </module>