i have nginx running locally and am trying to create a simple dynamic path location.
The location block is:
location ~ ^/users/(.+)$/roles {
return 200;
}
After running, I try to hit the endpoint
http://localhost:80/users/1/roles
But I end up with a 404.
If I change the location block to:
location /users/1/roles {
return 200;
}
I get a 200 and everything works just find. I have been pulling my hair out over this because it seems so simple that I thought a ton of documentation would exist about this. But I can not find a solution, any help would be greatly appreciated.
Related
I'm using Modsecurity v3.0.3 with the blocking module and I need to get my auditlog.
Also, because I need it, I have to use some custom error pages.
Unfortunately, I have my logs, but I'm losing my auditlog.
I tried some forums' help, but it didn't work for me.
One of the forums : https://github.com/SpiderLabs/ModSecurity-nginx/issues/76
Here is the location configuration of my NGinx
Any help or starting point would be appreciated, thanks !
I had the same problem with ModSecurity 3.3.2 + nginx and custom errors, so leaving this here in case other people run into the same issue as it took me a while to find a solution.
The issue in my case was that I had the custom error in nginx return the message directly in the error location block, so something like:
error_page 400 #error400;
location #error_400 {
types {}
default_type application/json;
return 400 '{"message: WHATEVER ERROR"}'
}
So the solution in my case was to put that exact JSON message in a file and reference that file instead, so the above becomes:
error_page 400 /400.json;
location = /400.json {
types {}
default_type application/json;
root /usr/share/nginx/html/custom_errors/;
}
And in that root path I put the 400.json file with that exact error messsage:
cat /usr/share/nginx/html/custom_errors/400.json
{"message: WHATEVER ERROR"}
This brought back the SecAudit Logs from ModSecurity. Hope this helps someone.
Could you elaborate on "losing my auditlog"? This sounds as if you would see it for a moment, but then it disappears.
Also, you link to a very old ModSec issue that has been fixed and released in the meantime. Where is the connection?
I'm using S3 Uploads to offload my WordPress Media Library to an S3 bucket. I used the AWS CLI to bulk migrate my local Media Files to the S3 bucket. So far so good.
Some of the existing PDFs in my library had "+" in the filename, example "mypdf+_name.pdf". When uploaded to S3, the object name was changed to "mypdf%2B_name.pdf". According to this thread, this seems to be a long-running thing.
I tried to set up an nginx config to rewrite anything in my WordPress Media Library that has a "+" in it to go to the corrected S3 URL:
location ~ "^/wp-content/uploads/(.*)$" {
location ~ "^/wp-content/uploads/(.*)\+(.*)$" {
rewrite "^/wp-content/uploads/(.*)\+(.*)$" "https://s3-us-west-2.amazonaws.com/mybucket/uploads/$1%2B$2" redirect;
}
}
This seems to perform the requested redirect, except the "+" is not getting rewritten as "%2B".
For example, "http://example.com/wp-content/uploads/2013/10/mypdf+_name.pdf" gets redirected to "https://s3-us-west-2.amazonaws.com/mybucket/uploads/2013/10/mypdf+_name.pdf". This returns an "AccessDenied" error from S3; when I manually change the "+" to "%2B" in the URL bar, my file displays as expected.
To test if there wasn't something else wrong with my configuration, I changed the redirect to some nonsense, keeping the "%2B":
location ~ "^/wp-content/uploads/(.*)$" {
location ~ "^/wp-content/uploads/(.*)\+(.*)$" {
rewrite "^/wp-content/uploads/(.*)\+(.*)$" "https://s3-us-west-2.amazonaws.com/mybucket/uploads/$1%2B$2blahblahblah" redirect;
}
}
This results in "http://example.com/wp-content/uploads/2013/10/mypdf+_name.pdf" -> "https://s3-us-west-2.amazonaws.com/mybucket/uploads/2013/10/mypdf+_name.pdfblahblahblah"
So my redirect is "working", but something along the way is choosing to keep "+" instead of translating it to "%2B".
How can I make nginx redirect my file to the correct URL?
Here's what ended up working for me:
location ~ "^/wp-content/uploads/(.*)\+(.*)$" {
if ($request_uri ~ "^/wp-content/uploads/(.*)\+(.*)$"){
set $modified_uri "/$1%2B$2";
return 302 https://s3-us-west-2.amazonaws.com/mybucket/uploads$modified_uri;
}
}
If anyone sees an obvious problem with this let me know. I know I've read using if blocks inside a location is bad but the documentation indicates using a return directive is kosher so I'm rolling with it for now.
I have nginx running as in a docker-compose setup and I want to achieve to following:
Every url that contains /something/ is passed to application 1
Every url that contains /something/alsothis/ is passed to application 2
My current config has:
location ~* ^/something/(?<path>.+) {
proxy_pass http://app1/$path;
}
location ~* ^/something/alsothis/(?<path>.+) {
proxy_pass http://app2/$path;
}
When I try https://www.example.com/something/rest_of_path it is working fine.
However when I try https://www.example.com/something/alsothis/rest_of_path I get an Unkown error in Postman (500 error is logged in nginx).
Also I double checked that app2 is working. When I change to the first location to app2, it also works fine.
Can't seem to figure out what is going wrong, all help is much appreciated.
Thanks in advance!
Richard was right, just had to change the order.
I am pretty much a moron with regex and I'm just getting started with a cloud-based Nginx server, which is a big change from administering my in-my-closet Apache server.
I'm trying to do rewrites to get clean URLs like this:
www.domain.com/folder/red/abc ---> www.domain.com/folder/red.cfm?query=abc
www.domain.com/folder/blue/ab/cd/ef ---> www.domain.com/folder/blue.cfm?name=ab&city=cd&state=ef
www.domain.com/folder/blue/ab ---> www.domain.com/folder/blue.cfm?name=ab
I'm basically trying to get rewrites of items after the "folder" subfolder to rewrite to static .cfm pages. Some of those .cfm pages have zero, one, two or three URL variables; the number of variables is not fixed or consistent.
I have been reading A LOT about rewrites and try_files, and I have tried, oh, a couple hundred different variations of rewrites, and I just can't seem to find the solution.
For example, I've tried:
location /folder/blue {
rewrite ^/folder/(.*)?$ /folder/blue.cfm?name=$1 last;
}
And this just gets me absolutely nowhere. I would post my entire conf file, but it is long due to other stuff that was added in by the default server setup.
I would love to make this string as simple as is humanly possible, but I really need help with this. I appreciate it!
For future reference, it would help having a spec.
It seems like this is the only spec you've provided:
www.domain.com/folder/red/abc ---> www.domain.com/folder/red.cfm?query=abc
www.domain.com/folder/blue/ab/cd/ef ---> www.domain.com/folder/blue.cfm?name=ab&city=cd&state=ef
www.domain.com/folder/blue/ab ---> www.domain.com/folder/blue.cfm?name=ab
The following solution should 100% satisfy the above "spec":
location /folder/red/ {
rewrite ^(/folder/\w+)/(\w*)$ $1.cfm?query=$2 last;
return 410;
}
location /folder/blue/ {
rewrite ^(/folder/\w+)/(\w*)$ $1.cfm?query=$2 last;
rewrite ^(/folder/blue)/(\w*)/(\w*)/(\w*)$ $1.cfm?query=$2&city=$3&state=$4 last;
return 410;
}
I have folder images, css, class, js, includes at my application.
and if somebody access that folder --> 403 Forbidden
I want custom this output 403 Forbidden ---> 404 Not Found
I'll try this code
location ~ /(.*)/{ return 404; }
It was sucessfull, the output 404 Not Found
but my images, css, class, js, includes LOST at my application.
Help me please.
location = /THAT_FOLDER/ { return 404; }
Directives with the "=" prefix that match the query exactly (literal string).
If found, searching stops.
ref: http://wiki.nginx.org/HttpCoreModule#location