Reputation: 73
deny all not preventing return redirection
Nginx is behaving unexpectedly for me. Here are two simplified location blocks.
This works as expected. Returns 403 error:
location / {
deny all;
root /var/www/test;
}
I expected a 403 error. However, this returns 301 and redirects:
location / {
deny all;
return 301 https://$server_name$request_uri;
}
How can I deny and prevent any url redirection with return directive?
Upvotes: 7
Views: 3143
Answers (2)
Reputation: 16624
In nginx, return directive is from rewrite module, and deny is from access module. According to nginx document and source code, rewrite module is processed in NGX_HTTP_REWRITE_PHASE phase (for return in location context), the access module is processed in NGX_HTTP_ACCESS_PHASE phase, rewrite phase happens before access phase, thus return stops request processing and returns 301 in rewrite phase.
Upvotes: 23
Reputation: 117
According to Nginx documentation ,
The ngx_http_access_module module allows limiting access to certain client addresses.
You can't restrict access to another module [redirection module here].
To deny/prevent a redirection simply comment it by appending #
location / {
deny all;
# return 301 https://$server_name$request_uri;
}
Upvotes: 0
Related Questions
- Can Nginx return a 503 error code on "deny all"?
- nginx simple deny rule not enforced
- Redirect on deny | htaccess
- nginx deny not working with return
- Nginx deny GET method
- How to prevent rewrite after deny
- Nginx return takes prescedence over deny?
- How to deny with 404 on nginx
- Nginx location with deny doesn't work
- deny access to URL- nginx regex