Hi,
I'm trying to work out the best way to setup the proxy_pass url and
which variables to use. Initially we were using proxy_pass to proxy to a
single https URL, we used a rewrite to change https://hostname/ to
https://hostname/index.html.
We've recently discovered issues due to the single DNS query nginx
performs so moved to using a variable for the hostname, this required us
to set proxy_pass to the full requests url. We started with :
proxy_pass ${content_server}content$request_uri
This worked as expected but our rewrite rules failed to work, looking at
the documentation, this is seems to be expected since this is the
request pre-processing by nginx.
We then moved to :
proxy_pass ${content_server}content$uri
This works fine with the rewrite rules but I noticed a comment on
StackOverflow stating this opens you up to header injection
vulnerabilities. Is there a variable / combination of variables that
allow you to preserve rewrites without the potential security issues, or
a better way of doing this ensuring we can use variables in the
proxy_pass hostname?
Regards
Rob
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx