配置中存在 nginx sub_filter 时如何激活它?
How to activate nginx sub_filter when it is present in configuration?
我已经下载了 nginx windows 版本 1.21.6 (https://nginx.org/en/download.html) 的映像,nginx -V 输出包含 --with-http_sub_module:
PS C:\Utils\nginx-1.21.6> .\nginx.exe -V
nginx version: nginx/1.21.6
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.1.1m 14 Dec 2021
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre2-10.39 --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.1.1m --with-openssl-opt='no-asm no-tests -D_WIN32_WINNT=0x0501' --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module
不幸的是,我无法进行替换:(我试图在这里获得一些灵感:https://samanbaboli.medium.com/modify-html-pages-on-the-fly-using-nginx-2e7a2d069086
这是我的配置
worker_processes 1;
worker_rlimit_nofile 8192;
pid nginx.pid;
events {
worker_connections 24;
}
http {
server {
listen 80;
server_name localhost;
location / {
proxy_pass https://example.org;
sub_filter '</head>' '<script>alert("Hi")</script></head>';
sub_filter_once on;
}
location /test {
return 200 'OKAY';
sub_filter 'OKAY' 'OK';
sub_filter_once on;
}
}
}
任何想法,我做错了什么?
http://localhost/ 不会抛出警报“嗨”,http://localhost/test returns“好”,而不是预期的“好”。
根据这个答案,应该不需要任何参数或额外的配置:(
Content-Type HTTP header, unless being specified explicitly via the default_type directive (at the location or any level up) will be equal to text/plain by default. The sub_filter directive works only with on content with the text/html MIME type, unless additional types are specified using the sub_filter_types 指令。因此,要使您的替换在 /test 位置起作用,请使用
location /test {
default_type text/html;
return 200 'OKAY';
sub_filter 'OKAY' 'OK';
}
或者,如果您没有 default_type 指令指定其他类型而不是 text/plain 其他地方,
location /test {
return 200 'OKAY';
sub_filter_types text/plain;
sub_filter 'OKAY' 'OK';
}
我看不出有任何理由在您的主要位置替换不起作用。检查从 https://example.org 返回的实际 MIME 类型和 HTML 标签使用的 upper/lower 大小写。真的是 </head> 而不是 </HEAD> 吗?
更新
正如 OP 所注意到的那样,sub_filter 模块不适用于压缩的上游响应,因此如果上游能够压缩其响应,则 Accept-Encoding header 不应该传递给上游:
location / {
proxy_pass https://example.org;
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<script>alert("Hi")</script></head>';
sub_filter_once on;
}
我已经下载了 nginx windows 版本 1.21.6 (https://nginx.org/en/download.html) 的映像,nginx -V 输出包含 --with-http_sub_module:
PS C:\Utils\nginx-1.21.6> .\nginx.exe -V
nginx version: nginx/1.21.6
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.1.1m 14 Dec 2021
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre2-10.39 --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.1.1m --with-openssl-opt='no-asm no-tests -D_WIN32_WINNT=0x0501' --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module
不幸的是,我无法进行替换:(我试图在这里获得一些灵感:https://samanbaboli.medium.com/modify-html-pages-on-the-fly-using-nginx-2e7a2d069086
这是我的配置
worker_processes 1;
worker_rlimit_nofile 8192;
pid nginx.pid;
events {
worker_connections 24;
}
http {
server {
listen 80;
server_name localhost;
location / {
proxy_pass https://example.org;
sub_filter '</head>' '<script>alert("Hi")</script></head>';
sub_filter_once on;
}
location /test {
return 200 'OKAY';
sub_filter 'OKAY' 'OK';
sub_filter_once on;
}
}
}
任何想法,我做错了什么?
http://localhost/ 不会抛出警报“嗨”,http://localhost/test returns“好”,而不是预期的“好”。
根据这个答案,应该不需要任何参数或额外的配置:(
Content-Type HTTP header, unless being specified explicitly via the default_type directive (at the location or any level up) will be equal to text/plain by default. The sub_filter directive works only with on content with the text/html MIME type, unless additional types are specified using the sub_filter_types 指令。因此,要使您的替换在 /test 位置起作用,请使用
location /test {
default_type text/html;
return 200 'OKAY';
sub_filter 'OKAY' 'OK';
}
或者,如果您没有 default_type 指令指定其他类型而不是 text/plain 其他地方,
location /test {
return 200 'OKAY';
sub_filter_types text/plain;
sub_filter 'OKAY' 'OK';
}
我看不出有任何理由在您的主要位置替换不起作用。检查从 https://example.org 返回的实际 MIME 类型和 HTML 标签使用的 upper/lower 大小写。真的是 </head> 而不是 </HEAD> 吗?
更新
正如 OP 所注意到的那样,sub_filter 模块不适用于压缩的上游响应,因此如果上游能够压缩其响应,则 Accept-Encoding header 不应该传递给上游:
location / {
proxy_pass https://example.org;
proxy_set_header Accept-Encoding "";
sub_filter '</head>' '<script>alert("Hi")</script></head>';
sub_filter_once on;
}