gixy icon indicating copy to clipboard operation
gixy copied to clipboard
verified publisher icon yandex

Detect unsafe internal redirection

Open buglloc opened this issue 8 years ago • 0 comments

For example:

rewrite ^/(.*)/some$ /$1/ last;

location ~* ^/internal-proxy/(?<proxy_proto>https?)/(?<proxy_host>.*?)/(?<proxy_path>.*)$ {
    internal;

    proxy_pass $proxy_proto://$proxy_host/$proxy_path ;
    proxy_set_header Host $proxy_host;
}

Unfortunately, it is not easy to implement this. Perhaps better for now just report about any internal locations and possible rewrites with INFO severity.

buglloc avatar Apr 03 '17 21:04 buglloc