Welcome! Log In Create A New Profile

Advanced

So is "rewrite_by_lua" also evil?

Nginx User
October 11, 2011 12:04PM
I have the following simplified setup ...

server {
...
location @proxy {
include /etc/nginx/firewall.default;
proxy_pass http://127.0.0.1:8080;
...
}
location ~ ^.+\.php$ {
content_by_lua 'ngx.exec("@proxy");';
}
location / {
try_files $uri $uri/ @proxy;
}
}
Basically, everything that cannot be found by nginx, as well as php
requests, are sent to the proxy

Now, note the filter.default file in the @proxy location. I use this
to run some tests on these requests for security and my logs show them
catching all sorts of exploit attempts.

Anyway, when I have the following (simplified) in firewall.default ....

if ($http_user_agent ~* libwww ) {
return 403;
}

.... everything is fine. When a php request is made, libwww user agents
are denied and others get the php output.

When I use the following (simplified) rewrite_by_lua equivalent instead ....

rewrite_by_lua '
if ngx.var.http_user_agent == "libwww" then
ngx.exit(ngx.HTTP_FORBIDDEN)
end
';

The php file is downloaded. Obviously I don't have the "libwww" when
testing so I suppose the lua "if" block is skipped at which point the
physical php file is found and sent to the user as is and the
proxy_pass directive is not run.

Looks similar to the sort of unexpected behaviour from the rewrite
module's "if".

Any ideas what gives? Why isn't rewrite_by_lua behaving like the rewrite module?

Thanks

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

So is "rewrite_by_lua" also evil?

Nginx User October 11, 2011 12:04PM

Re: So is "rewrite_by_lua" also evil?

agentzh October 11, 2011 08:18PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 12, 2011 12:14AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 12, 2011 12:22AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 12, 2011 12:50AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 12, 2011 02:38PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 12, 2011 05:36PM

Re: So is "rewrite_by_lua" also evil?

agentzh October 12, 2011 10:08PM

Re: So is "rewrite_by_lua" also evil?

agentzh October 12, 2011 11:58PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 13, 2011 12:36AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 13, 2011 12:34AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 13, 2011 12:56AM

Re: So is "rewrite_by_lua" also evil?

Eugaia October 14, 2011 07:02AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 14, 2011 07:42AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 12, 2011 09:36PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 13, 2011 12:32AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 13, 2011 12:54AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 13, 2011 02:02AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 13, 2011 12:12PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 13, 2011 08:18PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 14, 2011 09:28AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 14, 2011 03:26PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 14, 2011 03:26PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 14, 2011 04:42PM

Re: So is "rewrite_by_lua" also evil?

agentzh October 15, 2011 02:38AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 15, 2011 04:48AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 15, 2011 05:42AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 15, 2011 05:58AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 15, 2011 06:08AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 15, 2011 07:38AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 15, 2011 09:24AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 15, 2011 10:22AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 16, 2011 12:30AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 16, 2011 07:12AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 16, 2011 11:44AM

Re: So is "rewrite_by_lua" also evil?

Eugaia October 15, 2011 06:26AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 15, 2011 07:08AM

Re: So is "rewrite_by_lua" also evil?

Eugaia October 15, 2011 06:18AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 15, 2011 06:34AM

Re: So is "rewrite_by_lua" also evil?

Eugaia October 15, 2011 06:46AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 15, 2011 07:10AM

Re: So is "rewrite_by_lua" also evil?

Eugaia October 15, 2011 07:40AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 16, 2011 12:18AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 14, 2011 09:28PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 15, 2011 04:34AM

Re: So is "rewrite_by_lua" also evil?

agentzh October 13, 2011 08:38PM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 14, 2011 04:32AM

Re: So is "rewrite_by_lua" also evil?

MyName October 12, 2011 06:23AM

Re: So is "rewrite_by_lua" also evil?

Nginx User October 12, 2011 06:32AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 73
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready