问题:
我定义了以下入口:
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: someName
namespace: test
annotations:
kubernetes.io/ingress.class: "ingress-public"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "JSESSIONID"
nginx.ingress.kubernetes.io/connection-proxy-header: "keep-alive"
nginx.ingress.kubernetes.io/server-snippet: |
# block if not / or /test or /something
if ($request_uri !~* "(^/(?:(?:test|something)(?:/|$)|$))") {
return 404 ;
break;
}
# redirect if proto_http
if ($http_x_forwarded_proto = 'http') {
return 301 https://$host$request_uri;
break;
}
# hsts required header
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
spec:
rules:
- host: myhost.example.com
http:
paths:
- path: /
backend:
serviceName: someservice
servicePort: 80
我现在有两个问题。
- 请求
/test%2F..%2Fconfig
不返回404,即使这与正规表达式不匹配 - 请求
/test/..-2Fconfig
允许访问/config
是否有更好的正规表达式来覆盖这些情况,或者有办法将$request_uri
转换为绝对uri,以便正规表达式编码的uri能够工作?
正规表达式在这里有一些测试用例:https://regex101.com/r/Msu402/1
答案1:
location ~* ^/(?!test|something) {
return 404;
}
相关文章