Mercurial > hg > nginx-site

view xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2956:a85e4d126bc7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Updated docs for the upcoming NGINX Plus release.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 02 May 2023 11:39:21 +0100
parents
children
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_http_internal_redirect_module"
        link="/en/docs/http/ngx_http_internal_redirect_module.html"
        lang="en"
        rev="1">

<section id="summary">

<para>
The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows
making an internal redirect.
In contrast to
<link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>,
the redirection is made after checking
<link doc="ngx_http_limit_req_module.xml">request</link> and
<link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits,
and <link doc="ngx_http_access_module.xml">access</link> limits.
</para>

<para>
<note>
This module is available as part of our
<commercial_version>commercial subscription</commercial_version>.
</note>
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s;

server {
    location / {
        auth_jwt          "realm";
        auth_jwt_key_file key.jwk;

        internal_redirect @rate_limited;
    }

    location @rate_limited {
        internal;

        limit_req  zone=jwt_sub burst=10;
        proxy_pass http://backend;
    }
}
</example>
The example implements
<link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link>
<link doc="ngx_http_limit_req_module.xml">rate limiting</link>.
Implementation without <link id="internal_redirect">internal_redirect</link>
is vulnerable to DoS attacks by unsigned JWTs, as normally the
<link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link>
check is performed
<link doc="../dev/development_guide.xml" id="http_phases">before</link>
<link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check.
Using <link id="internal_redirect">internal_redirect</link>
allows reordering these checks.
</para>

</section>


<section id="directives" name="Directives">

<directive name="internal_redirect">
<syntax><value>uri</value></syntax>
<default/>
<context>server</context>
<context>location</context>

<para>
Sets the URI for internal redirection of the request.
It is also possible to use a
<link doc="ngx_http_core_module.xml" id="location_named">named location</link>
instead of the URI.
The <value>uri</value> value can contain variables.
If the <value>uri</value> value is empty,
then the redirect will not be made.
</para>

</directive>

</section>

</module>