I have been trying to imlement a custom 403 error page - to be
triggered when the request method is not in HEAD,GET,POST. I started
with something like this (note I was specifically triggering the 403
error for GET requests for testing):
root /htdocs
location = /403.html {
internal;
}
error_page 403 = /403.html;
if ($request_method !~ ^(POST)$ ) {
return 403;
}
location / {
index index.html;
}
For some reason, the above config always caused nginx internal 403
error page to be generated - instead of my custom page at
/htdoc/403.html.
After scouring forums and whatnot, I found a suggestion, which is to put
the if() inside the location block - like:
location / {
index index.html;
if ($request_method !~ ^(POST)$ ) {
return 403;
}
}
Doing this and everything seemed to work. I just don’t understand why -
can someone explain this?
53.html
Thanks for this link, it does seem to explain things if I understood it
correctly. So basically what was going on in this:
The return 403 in the server{} body caused 403 to be return on every
internal redirect where method != POST
The first one was the actual request, which returned 403 as the
method was not POST
We then tried to access location /403.html, however this was also
checked against the 403 rule, and as the method was != POST, we return
another 403
As you said in the last response…“wow, we’ve already done
error_page redirection and
this resulted in another error, return default error page”
So…I guess my next question would be how to elegantly apply a rule
like this against all locations (or a number of selected locations),
without having to copy it into the location{} body for each one?