Hi Mark,

On 30/08/19 22:23, lists wrote:
I've been following this thread not really out of need but rather because it is really
interesting. That said, I don't think for security you want to "escape" the web
root. The risk is that it might aid a traversal attack.


I am curious to know how this might work. Nginx itself is safe, so it would have to be a script. And while those may indeed be vulnerable, is the vulnerability changed by symlinking the root elsewhere? I don't see any difference myself, but perhaps you know something I don't.

Regards

Ian





          Original Message



From: hobso...@gmail.com
Sent: August 30, 2019 12:01 PM
To: nginx@nginx.org
Reply-to: nginx@nginx.org
Subject: Re: Allow internal redirect to URI x, but deny external request for x?


Hi Lewis,

On 30/08/19 18:33, J. Lewis Muir wrote:
Hello!

I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that
uses a deployment structure which uses an atomic symlink change for an
atomic app deploy, and I'm wishing to be able to do an internal redirect
in nginx to URL x, but deny an external request to the same URL x so
that I don't serve the same content at more than one URL.  Is there a
way to do that?

You could place the different versions away from the root so they cannot
be obtained from the web. Then they can be served by setting up a
symlink to the desired version.

This can be changed using "ln -sfn version/dir serving/root" and then
restarting nginx to pick up the new version.

By not using redirects, this method should be more efficient.

Regards

Ian

--
Ian Hobson

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


--
Ian Hobson
Tel (+351) 910 418 473
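
Added example, not part of the thread and not code from any of the posters: a symlink-switch deploy helper that covers both points discussed above, the atomic switch and the traversal concern. It assumes GNU coreutils (`readlink -f`, `mv -T`), and the function name and directory layout are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Names and layout are hypothetical.
# deploy_release RELEASES_DIR RELEASE_NAME LINK_PATH
# Points LINK_PATH at RELEASES_DIR/RELEASE_NAME with an atomic rename, after
# checking that the target really resolves inside RELEASES_DIR.
deploy_release() {
    releases_dir=$1 release=$2 link=$3

    # Reject names that could step out of the releases directory.
    case $release in
        ''|.|..|*/*) echo "invalid release name: $release" >&2; return 1 ;;
    esac

    base=$(readlink -f -- "$releases_dir") || return 1
    target=$(readlink -f -- "$releases_dir/$release") || return 1

    # A release entry that is itself a symlink could still resolve elsewhere,
    # so compare the fully resolved path against the resolved base.
    case $target in
        "$base"/*) ;;
        *) echo "release resolves outside $base: $target" >&2; return 1 ;;
    esac
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 1; }

    # Build the new symlink beside the live one, then rename over it.
    # rename(2) swaps the link in one step; some ln implementations do
    # "ln -sfn" as unlink + symlink, which leaves a brief gap.
    tmp="$link.tmp.$$"
    ln -s -- "$target" "$tmp" || return 1
    mv -T -- "$tmp" "$link" || { rm -f -- "$tmp"; return 1; }
}

# Usage (hypothetical paths): deploy_release /srv/app/releases v2 /srv/app/current
```

The serving root only ever points at a directory that has been resolved and confirmed to live under the releases directory, so the switch itself cannot be steered to an arbitrary path.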
