Mercurial > hg > nginx-site
view xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2994:537b98ec3c83
Development guide: fixed example code.
The code produced compiler errors.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Thu, 17 Aug 2023 20:31:29 +0400 |
parents | a85e4d126bc7 |
children |
line wrap: on
line source
<?xml version="1.0"?> <!-- Copyright (C) Nginx, Inc. --> <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> <module name="Module ngx_http_internal_redirect_module" link="/en/docs/http/ngx_http_internal_redirect_module.html" lang="en" rev="1"> <section id="summary"> <para> The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows making an internal redirect. In contrast to <link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>, the redirection is made after checking <link doc="ngx_http_limit_req_module.xml">request</link> and <link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits, and <link doc="ngx_http_access_module.xml">access</link> limits. </para> <para> <note> This module is available as part of our <commercial_version>commercial subscription</commercial_version>. </note> </para> </section> <section id="example" name="Example Configuration"> <para> <example> limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s; server { location / { auth_jwt "realm"; auth_jwt_key_file key.jwk; internal_redirect @rate_limited; } location @rate_limited { internal; limit_req zone=jwt_sub burst=10; proxy_pass http://backend; } } </example> The example implements <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link> <link doc="ngx_http_limit_req_module.xml">rate limiting</link>. Implementation without <link id="internal_redirect">internal_redirect</link> is vulnerable to DoS attacks by unsigned JWTs, as normally the <link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link> check is performed <link doc="../dev/development_guide.xml" id="http_phases">before</link> <link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check. Using <link id="internal_redirect">internal_redirect</link> allows reordering these checks. </para> </section> <section id="directives" name="Directives"> <directive name="internal_redirect"> <syntax><value>uri</value></syntax> <default/> <context>server</context> <context>location</context> <para> Sets the URI for internal redirection of the request. It is also possible to use a <link doc="ngx_http_core_module.xml" id="location_named">named location</link> instead of the URI. The <value>uri</value> value can contain variables. If the <value>uri</value> value is empty, then the redirect will not be made. </para> </directive> </section> </module>