Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2956:a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 02 May 2023 11:39:21 +0100 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
2955:2c4d7151b9a9 | 2956:a85e4d126bc7 |
---|---|
1 <?xml version="1.0"?> | |
2 | |
3 <!-- | |
4 Copyright (C) Nginx, Inc. | |
5 --> | |
6 | |
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | |
8 | |
9 <module name="Module ngx_http_internal_redirect_module" | |
10 link="/en/docs/http/ngx_http_internal_redirect_module.html" | |
11 lang="en" | |
12 rev="1"> | |
13 | |
14 <section id="summary"> | |
15 | |
16 <para> | |
17 The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows | |
18 making an internal redirect. | |
19 In contrast to | |
20 <link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>, | |
21 the redirection is made after checking | |
22 <link doc="ngx_http_limit_req_module.xml">request</link> and | |
23 <link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits, | |
24 and <link doc="ngx_http_access_module.xml">access</link> limits. | |
25 </para> | |
26 | |
27 <para> | |
28 <note> | |
29 This module is available as part of our | |
30 <commercial_version>commercial subscription</commercial_version>. | |
31 </note> | |
32 </para> | |
33 | |
34 </section> | |
35 | |
36 | |
37 <section id="example" name="Example Configuration"> | |
38 | |
39 <para> | |
40 <example> | |
41 limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s; | |
42 | |
43 server { | |
44 location / { | |
45 auth_jwt "realm"; | |
46 auth_jwt_key_file key.jwk; | |
47 | |
48 internal_redirect @rate_limited; | |
49 } | |
50 | |
51 location @rate_limited { | |
52 internal; | |
53 | |
54 limit_req zone=jwt_sub burst=10; | |
55 proxy_pass http://backend; | |
56 } | |
57 } | |
58 </example> | |
59 The example implements | |
60 <link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link> | |
61 <link doc="ngx_http_limit_req_module.xml">rate limiting</link>. | |
62 Implementation without <link id="internal_redirect">internal_redirect</link> | |
63 is vulnerable to DoS attacks by unsigned JWTs, as normally the | |
64 <link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link> | |
65 check is performed | |
66 <link doc="../dev/development_guide.xml" id="http_phases">before</link> | |
67 <link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check. | |
68 Using <link id="internal_redirect">internal_redirect</link> | |
69 allows reordering these checks. | |
70 </para> | |
71 | |
72 </section> | |
73 | |
74 | |
75 <section id="directives" name="Directives"> | |
76 | |
77 <directive name="internal_redirect"> | |
78 <syntax><value>uri</value></syntax> | |
79 <default/> | |
80 <context>server</context> | |
81 <context>location</context> | |
82 | |
83 <para> | |
84 Sets the URI for internal redirection of the request. | |
85 It is also possible to use a | |
86 <link doc="ngx_http_core_module.xml" id="location_named">named location</link> | |
87 instead of the URI. | |
88 The <value>uri</value> value can contain variables. | |
89 If the <value>uri</value> value is empty, | |
90 then the redirect will not be made. | |
91 </para> | |
92 | |
93 </directive> | |
94 | |
95 </section> | |
96 | |
97 </module> |