When accessing the interface via a domain name, GET and POST requests work normally, but PUT and DELETE requests do not

Description of the problem: In the internal network environment, accessing the interface by IP works normally. However, in the external network environment, when the interface is accessed by domain name, GET and POST requests work normally, but PUT and DELETE requests do not.

I checked various sources and configured nginx as required, but it didn’t work.

	server {
		listen 8099;
		# server_name takes a host name, not a URL
		server_name aa.com;
		#index index.php index.html index.htm default.php default.htm default.html;
		gzip on;
		gzip_static on;     # requires the http_gzip_static_module module
		gzip_min_length 1k;
		gzip_comp_level 4;
		gzip_proxied any;
		gzip_types text/plain text/xml text/css;
		gzip_vary on;
		gzip_disable "MSIE [1-6]\.(?!.*SV1)";

		add_header Access-Control-Allow-Origin *;
		add_header Access-Control-Allow-Headers X-Requested-With;
		add_header Access-Control-Allow-Methods GET,PUT,POST,OPTIONS;

		# If a new backend route prefix is added, remember to add it here (|new)
		location / {
			proxy_pass http://aa.com/gateway;
			proxy_connect_timeout 60s;
			proxy_send_timeout 60s;
			proxy_read_timeout 60s;
			proxy_set_header X-Real-IP $remote_addr;
			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
			proxy_set_header X-Forwarded-Proto http;
		}

		# Avoid endpoint security issues: block the actuator endpoints
		if ($request_uri ~ "/actuator") {
			return 403;
		}

	}

Later, I learned something about intranet penetration. As shown in the figure, the gateway layer can set up filtering and interception. I confirmed with Party A’s customer that the gateway server did intercept DELETE and PUT requests, and only allowed GET and POST. I had no choice but to change the code, but the project is based on spring-cloud-alibaba with RESTful-style interfaces, and there are too many interfaces to change; the workload...
just give up~~

So the following method was adopted

  1. The front end must change its code; this cannot be avoided. All PUT/DELETE requests must be changed to POST and carry a special header:
    All PUT requests must carry the header: X-HTTP-Method-Override: PUT
    All DELETE requests must carry the header: X-HTTP-Method-Override: DELETE

Reference:

	Request URL: http://xxx.com/admin/log/12345
	Request Method: POST

	POST /admin/log/12345 HTTP/1.1
	Host: 192.168.2.170:8080
	Connection: keep-alive
	Content-Length: 0
	Accept: application/json, text/plain, */*
	Authorization: Bearer 5542d6-5cd6-48ac-a3b2-19b3fb4d
	User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36
	X-HTTP-Method-Override: delete
	Origin: http://192.168.1.170:8080
	Accept-Encoding: gzip, deflate
	Accept-Language: zh-CN,zh;q=0.9

  2. The server converts the request method according to the X-HTTP-Method-Override header. This can be handled in gateway or zuul, or with HiddenHttpMethodFilter (look up how to use it on Baidu yourself);
  or the method can be modified and forwarded at the nginx proxy layer, in which case the server does not need to do any processing. I use the nginx method; refer to the configuration:

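Add to the nginx server block:

	# Default to the method the client actually sent
	set $method $request_method;
	# Request headers are exposed as lower-case $http_ variables
	if ($http_x_http_method_override ~* 'DELETE') {
		set $method DELETE;
	}

	if ($http_x_http_method_override ~* 'PUT') {
		set $method PUT;
	}

	# Forward the request upstream with the (possibly rewritten) method
	proxy_method $method;

	location / {
	......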

Restart the service after the change: 200 OK!!!

Of course, if you can ask the network administrator to modify the interception rules of the gateway, that would be great!!!
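
A stricter variant of the rewrite above, as an added example that is not the author's configuration: the `if` blocks honor the header on any request method and match any value that merely contains `PUT` or `DELETE`, so a plain GET carrying the header would be forwarded as a DELETE. This version rewrites only POST requests, only for the exact values PUT and DELETE, and strips the header before proxying. The variable name `$effective_method` is chosen here; the port, server name and upstream are taken from the earlier config.

```nginx
# Place the map in the http {} context.
# Key is "<real method>:<override header>". Only POST may be rewritten,
# and only to exactly PUT or DELETE; everything else keeps its real method.
map "$request_method:$http_x_http_method_override" $effective_method {
	default             $request_method;
	"~*^POST:PUT$"      PUT;
	"~*^POST:DELETE$"   DELETE;
}

server {
	listen 8099;
	server_name aa.com;

	# Block actuator endpoints, as in the earlier config
	if ($request_uri ~ "/actuator") {
		return 403;
	}

	location / {
		# Method sent upstream: the real one, or the validated override
		proxy_method $effective_method;

		# An empty value removes the header from the upstream request,
		# so nothing behind nginx can apply the override a second time.
		proxy_set_header X-HTTP-Method-Override "";

		# proxy_set_header is inherited only when a level defines none,
		# so the forwarding headers are repeated here.
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto http;

		proxy_pass http://aa.com/gateway;
	}
}
```

With this in place, a GET or OPTIONS request that carries `X-HTTP-Method-Override` reaches the backend with its original method, which keeps state-changing operations off requests that browsers send without a preflight or user action.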

Origin blog.csdn.net/weixin_53458434/article/details/118673550