Mercurial > hg > nginx-site
diff xml/en/docs/http/ngx_http_internal_redirect_module.xml @ 2956:a85e4d126bc7
Updated docs for the upcoming NGINX Plus release.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 02 May 2023 11:39:21 +0100 |
parents | |
children |
line wrap: on
line diff
new file mode 100644 --- /dev/null +++ b/xml/en/docs/http/ngx_http_internal_redirect_module.xml @@ -0,0 +1,97 @@ +<?xml version="1.0"?> + +<!-- + Copyright (C) Nginx, Inc. + --> + +<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> + +<module name="Module ngx_http_internal_redirect_module" + link="/en/docs/http/ngx_http_internal_redirect_module.html" + lang="en" + rev="1"> + +<section id="summary"> + +<para> +The <literal>ngx_http_internal_redirect_module</literal> module (1.23.4) allows +making an internal redirect. +In contrast to +<link doc="ngx_http_rewrite_module.xml">rewriting URIs</link>, +the redirection is made after checking +<link doc="ngx_http_limit_req_module.xml">request</link> and +<link doc="ngx_http_limit_conn_module.xml">connection</link> processing limits, +and <link doc="ngx_http_access_module.xml">access</link> limits. +</para> + +<para> +<note> +This module is available as part of our +<commercial_version>commercial subscription</commercial_version>. +</note> +</para> + +</section> + + +<section id="example" name="Example Configuration"> + +<para> +<example> +limit_req_zone $jwt_claim_sub zone=jwt_sub:10m rate=1r/s; + +server { + location / { + auth_jwt "realm"; + auth_jwt_key_file key.jwk; + + internal_redirect @rate_limited; + } + + location @rate_limited { + internal; + + limit_req zone=jwt_sub burst=10; + proxy_pass http://backend; + } +} +</example> +The example implements +<link url="https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2">per-user</link> +<link doc="ngx_http_limit_req_module.xml">rate limiting</link>. +Implementation without <link id="internal_redirect">internal_redirect</link> +is vulnerable to DoS attacks by unsigned JWTs, as normally the +<link doc="ngx_http_limit_req_module.xml" id="limit_req">limit_req</link> +check is performed +<link doc="../dev/development_guide.xml" id="http_phases">before</link> +<link doc="ngx_http_auth_jwt_module.xml" id="auth_jwt">auth_jwt</link> check. +Using <link id="internal_redirect">internal_redirect</link> +allows reordering these checks. +</para> + +</section> + + +<section id="directives" name="Directives"> + +<directive name="internal_redirect"> +<syntax><value>uri</value></syntax> +<default/> +<context>server</context> +<context>location</context> + +<para> +Sets the URI for internal redirection of the request. +It is also possible to use a +<link doc="ngx_http_core_module.xml" id="location_named">named location</link> +instead of the URI. +The <value>uri</value> value can contain variables. +If the <value>uri</value> value is empty, +then the redirect will not be made. +</para> + +</directive> + +</section> + +</module>