> hmm, so adding '^~' to the front of location /foo/bar/ makes "internal"
> directive work correctly. All direct access to "/foo/bar/sth/sth.html" are
> blocked with 404 now.
> However, the proxy_pass inside '/foo/bar/' location still doesn't work.
You are using 'internal' in a wrong way (at least judging from your
configuration excerpts).
If you read the documentation
http://nginx.org/en/docs/http/ngx_http_core_module.html#internal you should
see that internal locations can't be accessed directly from client/browser
but need some sort of _internal_ redirect.
If there is a need for a backend application to check for permissions but
serve the file from nginx (while the same time denying direct access) one
way to do it is making the backend application to send 'X-Accel-Redirect'
header ( some examples: http://wiki.nginx.org/XSendfile ).
You can also try auth_request_module by Maxim Dounin (
http://mdounin.ru/hg/ngx_http_auth_request_module/file/a29d74804ff1/README
/ http://forum.nginx.org/read.php?2,58047,58047#msg-58047 )
... or access_by_lua from nginx_lua module by agentzh (
https://github.com/chaoslawful/lua-nginx-module )
rr
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx