From b48f39da4cf33a0f21104d1b1dbc44d2a950db02 Mon Sep 17 00:00:00 2001 From: ghost Date: Thu, 23 Nov 2023 19:51:48 +0200 Subject: [PATCH] prevent out redirects #2 --- nginx/opennet/locations.conf | 5 ++++- nginx/opennet/locations/handle/redirect.conf | 9 +++++++++ nginx/opennet/locations/include/common.conf | 4 ++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 nginx/opennet/locations/handle/redirect.conf diff --git a/nginx/opennet/locations.conf b/nginx/opennet/locations.conf index 1fc95d2..04fcba8 100644 --- a/nginx/opennet/locations.conf +++ b/nginx/opennet/locations.conf @@ -35,4 +35,7 @@ include /etc/nginx/opennet/locations/solaris.conf; include /etc/nginx/opennet/locations/web.conf; # wiki -include /etc/nginx/opennet/locations/wiki.conf; \ No newline at end of file +include /etc/nginx/opennet/locations/wiki.conf; + +# handles (do not delete) +include /etc/nginx/opennet/locations/handle/redirect.conf; \ No newline at end of file diff --git a/nginx/opennet/locations/handle/redirect.conf b/nginx/opennet/locations/handle/redirect.conf new file mode 100644 index 0000000..7f268d1 --- /dev/null +++ b/nginx/opennet/locations/handle/redirect.conf @@ -0,0 +1,9 @@ +# Prevent out redirects (solution for issue #2) + +location @opennet_locations_handle_redirect { + + set $original_uri $uri; + set $orig_loc $upstream_http_location; + + proxy_pass $orig_loc; +} \ No newline at end of file diff --git a/nginx/opennet/locations/include/common.conf b/nginx/opennet/locations/include/common.conf index a01f4a7..58c1db0 100644 --- a/nginx/opennet/locations/include/common.conf +++ b/nginx/opennet/locations/include/common.conf @@ -6,6 +6,10 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; +# Prevent out redirects (issue #2) +proxy_intercept_errors on; +error_page 301 302 307 = @opennet_locations_handle_redirect; + # Replace all matches sub_filter_once off;