Merge of r4473:
Core: protection from cycles with named locations and post_action. Now redirects to named locations are counted against normal uri changes limit, and post_action respects this limit as well. As a result at least the following (bad) configurations no longer trigger infinite cycles: 1. Post action which recursively triggers post action: location / { post_action /index.html; } 2. Post action pointing to nonexistent named location: location / { post_action @nonexistent; } 3. Recursive error page for 500 (Internal Server Error) pointing to a nonexistent named location: location / { recursive_error_pages on; error_page 500 @nonexistent; return 500; }
This commit is contained in:
parent
80c9a0548b
commit
70573cf4db
|
@ -2524,6 +2524,16 @@ ngx_http_named_location(ngx_http_request_t *r, ngx_str_t *name)
|
|||
ngx_http_core_main_conf_t *cmcf;
|
||||
|
||||
r->main->count++;
|
||||
r->uri_changes--;
|
||||
|
||||
if (r->uri_changes == 0) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"rewrite or internal redirection cycle "
|
||||
"while redirect to named location \"%V\"", name);
|
||||
|
||||
ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
|
||||
return NGX_DONE;
|
||||
}
|
||||
|
||||
cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
|
||||
|
||||
|
|
|
@ -2898,6 +2898,10 @@ ngx_http_post_action(ngx_http_request_t *r)
|
|||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
if (r->post_action && r->uri_changes == 0) {
|
||||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
|
||||
"post action: \"%V\"", &clcf->post_action);
|
||||
|
||||
|
|
Loading…
Reference in New Issue