Menu
Nginx is behaving unexpectedly for me. Here are two simplified location blocks.
This works as expected. Returns 403 error:
location / {
deny all;
root /var/www/test;
}
I expected a 403 error. However, this returns 301 and redirects:
location / {
deny all;
return 301 https://$server_name$request_uri;
}
How can I deny and prevent any url redirection with return directive?
721
You can prevent redirects to other domains by checking the URL being passed to the redirect function. Make sure all redirect URLs are relative paths – i.e. they start with a single / character.
A redirect is when a web page is visited at a certain URL, it changes to a different URL. For instance, a person visits “website.com/page-a” in their browser and they are redirected to “website.com/page-b” instead.
A redirect is a way to send both users and search engines to a different URL from the one they originally requested. The three most commonly used redirects are 301, 302, and Meta Refresh.
In nginx, return directive is from rewrite module, and deny is from access module. According to nginx document and source code, rewrite module is processed in NGX_HTTP_REWRITE_PHASE phase (for return in location context), the access module is processed in NGX_HTTP_ACCESS_PHASE phase, rewrite phase happens before access phase, thus return stops request processing and returns 301 in rewrite phase.
189
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
