A piece of the template with the include:

    <div class="panel">
      <div class="ym-wrapper">
        <div class="ym-wbox">
          <!--# set var="panel" value="<!--# include virtual='/panel/?project=project_name&color=dark&caller=$http_referer' -->" -->
          <!--# echo var="panel" encoding="none" -->
        </div>
      </div>
    </div>

Nginx log format:

    log_format subtimed '$remote_addr - $remote_user [$time_local] '
                        '"INC $uri$is_args$args" $status $bytes_sent "$http_referer" '
                        '"$http_user_agent"';

Location in nginx:

    location /panel/ {
        internal;
        ssi on;
        proxy_set_header Host panel.domain.zone;
        proxy_method GET;
        proxy_pass http://panel.domain.zone/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_connect_timeout 1s;
        proxy_send_timeout 2s;
        proxy_read_timeout 2s;
        proxy_intercept_errors on;
        log_subrequest on;
    }

Open the page http://devel.domain.zone in a new tab. We look at the entry in the log:

 xxx.xxx.xxx.xxx - - [15/Oct/2015:18:29:31 +0300] "INC /panel/?project=project_name&color=dark&caller=http://devel.domain.zone" 200 0 "http://devel.domain.zone/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0" 

Go to the page http://devel.domain.zone/sec/?theme=102 and look at the log:

 xxx.xxx.xxx.xxx - - [15/Oct/2015:18:30:29 +0300] "INC /panel/?project=project_name&color=dark&caller=http://devel.domain.zone/sec/?theme=102" 200 0 "http://devel.domain.zone/sec/?theme=102" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0" 

I.e., it turns out that $http_referer for some reason behaves like $document_uri? And when you substitute $document_uri in the include, you can see something like this in the nginx log:

 xxx.xxx.xxx.xxx - - [15/Oct/2015:18:30:29 +0300] "INC /panel/?project=project_name&color=dark&caller=/ga/ga.js" 200 0 "http://devel.domain.zone/sec/?theme=102" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0" 

Does anyone understand how this happens? At what point is $document_uri calculated? How is the $http_referer in the connection passed: calculated or by variable name?

    1 answer

    Does anyone understand how this happens?

    It is worth starting by figuring out where, when accessing http://devel.domain.zone (i.e., the site root), not only the URL ( /panel ) but also the arguments suddenly come from, for no apparent reason.

    This behavior does not follow from the given configuration fragment. You probably omitted information essential for the answer, both from the nginx configuration and from the configuration of the HTTP server that serves the panel.domain.zone site, to which nginx proxies the HTTP requests.