Nginx location matching priority and security issues

Recently has been doing location configuration, encountered priority issues (such as improper configuration, there will be security risks), the following are some of the personal learning experience

First, location matching character

1. Equals match: # # "="

Its features can be summarized as two points: # #1. Exact match,2. Regular expressions are not supported

Syntax Examples:

1     Location =/static/img/file. jpg {23    ... 4 5     }

Code-1

2. Null match: An empty match is characterized by: # #1. Matches the URI that starts with the specified pattern,2. Regular is not supported

Syntax Examples:

1     location/static/img/ {23     ... 4 5     }

Code-2

3. Regular match: "~" # # # Case-sensitive regular match

Syntax Examples:

1     Location ~/static/img/.*\.jpg$ {23    ... 4 5     }

Code-4

4. ~*: # # is not a case -sensitive regular match, but there are some systems that are insensitive to casing, which is no different.

Syntax Examples:

1     Location ~*/static/img/.*\.jpg$ {23     ... 4 5     }

Code-5

5. ^~ says: # #优先前缀匹配

1 location ^~/static/img/ {23... 4 5 }

Code-6

6. Internal access symbol @ means: # #一般用于错误页面

Second, match the priority level

1.=

2. Empty match, when the exact match is met

3.^~

4.~ or ~*

For request Http://luck.com/static/img/test.jpg

1. If hit exact match, for example:

1     Location =/static/img/logo.jpg {23     }

Code-7

The exact match is prioritized and the match is terminated.

2. If you hit multiple empty matches, for example:

1     location/static/ {23    }45     location/static/img/ {67     }

Code-8

The longest prefix match is remembered, that is, the/static/img/in the previous example, and continues to match.

3. If the longest prefix match is a priority prefix match, for example:

1     location/static/ {23    }45location     ^~/static/img/ {67     }

Code-9

The longest priority match is hit, and the match is terminated

4. If you hit more than one regular match, for example:

  1  location/static/  2   3  }   4   5  location/static/img/ {      6   7   }   8   9  location ~*/static/ { 10  11   " 12  13  Loca tion ~*/static/img/ { 14  15 } 

Code-10

Then forget the longest prefix match in the above 2, using the first hit of the regular match, that is, the location ~*/static/in the above example, and terminate the match ( hit more than one regular match, priority use in the configuration file in the first order of occurrence )

Iii. Summary of actual combat experience
Priority of 1.location matching (from practice summary)
(location =)-(location full path), Location ^~ path (location ~*), location path
As long as the match is reached, the others are ignored and then returned to the change match.

Nginx location matching priority and security issues