Caddy: What should trigger the `X-Accel-Redirect` header to be obeyed?

Created on 9 Aug 2016  路  7Comments  路  Source: caddyserver/caddy

I was chatting with @mholt about this today in a Twitter DM and he asked me to make a note of it here.

I'm working on a project where I need to take advantage of Caddy's support for the X-Accel-Redirect header because the path to the file that I would like to serve can only be determined _after_ Caddy has proxied the request to a little PHP script via fastcgi.

I noticed that this header is ignored unless I specify an internal directive, but in my case, I don't actually have anything I need to protect with internal, and instead I'm just using this directive to get Caddy to notice that I'm kicking back an X-Accel-Redirect header.

This means my Caddyfile looks something like this:

:80 {
    internal /madeupfolder

    fastcgi / 127.0.0.1:9000 php {
        index server.php
    }

    rewrite {
        to /server.php?{query}
    }
}

...where I set an internal directive that points to a completely make-believe folder _just_ to get the X-Accel-Redirect header to be noticed.

What is the intended behavior around the internal directive and the X-Accel-Redirect header?

Should Caddy _only_ allow X-Accel-Redirects to resources that are masked by the internal directive? (I hope not because it would break the only solution I've found to my problem! 馃槈)

Should there be another way to indicate to Caddy, "hey, please pay attention in case an X-Accel-Redirect header comes back and follow it if so!"? Currently like I said, that header is entirely ignored _unless_ there is _some_ internal directive in place, regardless of where it points.

feature request question
Source
picture adamwathan

All 7 comments

Pinging @mschoebel: would you have any thoughts/insights on this?

mholt picture mholt on 11 Aug 2016

From my use of it recently; what might be good is to add an Enable flag. Perhaps this is two separate features. The protection of an internal directory (always 404ing) and then the added option to enable accel_redirect.

Suggestion: simply specifying accel_redirect to enable globally the testing of headers. And then accel_redirect /path/to/content for only specific paths. If you specify the path perhaps its internalised by default? This would also prove helpful to migration since its just replacing internal with accel_redirect in the Caddyfile.

slightfoot picture slightfoot on 11 Aug 2016
👍1

@slightfoot that would be great for me, all I really need to do is turn it on 馃憤馃徎

adamwathan picture adamwathan on 18 Aug 2016

@slightfoot What if internal could take 0 arguments and merely specifying it doesn't actually protect anything but would still follow X-Accel-Redirect headers? This change would be easy enough, I think. @adamwathan, would you find that useful?

mholt picture mholt on 9 Aug 2017

That would handle my use case for sure 馃憤馃徎

adamwathan picture adamwathan on 9 Aug 2017
👍1

Cool, I think that's probably doable!

mholt picture mholt on 9 Aug 2017

Implemented in b5ec462. If you build from source you can try it out (I think it works, the tests lead me to believe that's the case, if I am reading them right)! It would be good to know if it works for you in practice. Thanks!

mholt picture mholt on 9 Aug 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

klaasel picture klaasel  路  3Comments
dafanasiev picture dafanasiev  路  3Comments
mschneider82 picture mschneider82  路  3Comments
whs picture whs  路  3Comments
treviser picture treviser  路  3Comments