Mercurial > hg > nginx-site

diff xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2956:a85e4d126bc7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 02 May 2023 11:39:21 +0100
parents
children
line wrap: on
line diff
new file mode 100644
--- /dev/null
+++ b/xml/en/docs/http/ngx_http_internal_redirect_module.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0"?>
+
+<!--
+  Copyright (C) Nginx, Inc.
+  -->
+
+<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">
+
+<module name="Module ngx_http_internal_redirect_module"
+        link="/en/docs/http/ngx_http_internal_redirect_module.html"
+        lang="en"
+        rev="1">
+
+<section id="summary">
+
+<para>
+The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows
+making an internal redirect.
+In contrast to
+<link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>,
+the redirection is made after checking
+<link doc="ngx_http_limit_req_module.xml">request</link> and
+<link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits,
+and <link doc="ngx_http_access_module.xml">access</link> limits.
+</para>
+
+<para>
+<note>
+This module is available as part of our
+<commercial_version>commercial subscription</commercial_version>.
+</note>
+</para>
+
+</section>
+
+
+<section id="example" name="Example Configuration">
+
+<para>
+<example>
+limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s;
+
+server {
+    location / {
+        auth_jwt          "realm";
+        auth_jwt_key_file key.jwk;
+
+        internal_redirect @rate_limited;
+    }
+
+    location @rate_limited {
+        internal;
+
+        limit_req  zone=jwt_sub burst=10;
+        proxy_pass http://backend;
+    }
+}
+</example>
+The example implements
+<link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link>
+<link doc="ngx_http_limit_req_module.xml">rate limiting</link>.
+Implementation without <link id="internal_redirect">internal_redirect</link>
+is vulnerable to DoS attacks by unsigned JWTs, as normally the
+<link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link>
+check is performed
+<link doc="../dev/development_guide.xml" id="http_phases">before</link>
+<link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check.
+Using <link id="internal_redirect">internal_redirect</link>
+allows reordering these checks.
+</para>
+
+</section>
+
+
+<section id="directives" name="Directives">
+
+<directive name="internal_redirect">
+<syntax><value>uri</value></syntax>
+<default/>
+<context>server</context>
+<context>location</context>
+
+<para>
+Sets the URI for internal redirection of the request.
+It is also possible to use a
+<link doc="ngx_http_core_module.xml" id="location_named">named location</link>
+instead of the URI.
+The <value>uri</value> value can contain variables.
+If the <value>uri</value> value is empty,
+then the redirect will not be made.
+</para>
+
+</directive>
+
+</section>
+
+</module>