Open
Description
What happened:
Using limit_except GET { deny all; } together with location = / { return 403; } results in 503, instead of 403.
This one is OK
curl -i -XGET https://example.com
HTTP/2 403
content-type: text/html
content-length: 146
vary: Accept-Encoding
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
This one is OK
curl -i -XGET https://example.com/health
HTTP/2 200
content-type: text/plain; charset=utf-8
content-length: 19
This one should have returned 403 instead of 503
curl -i -XPOST https://example.com/health
HTTP/2 503
content-type: text/html
content-length: 190
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>
What you expected to happen:
I want to block all requests to "/" and allow only GET requests for every other route. Ingress should return 403, but it returns 503.
NGINX Ingress controller version (exec into the pod and run nginx-ingress-controller --version.):
-------------------------------------------------------------------------------
NGINX Ingress controller
Release: v1.11.1
Build: 7c44f992012555ff7f4e47c08d7c542ca9b4b1f7
Repository: https://github.com/kubernetes/ingress-nginx
nginx version: nginx/1.25.5
-------------------------------------------------------------------------------
Kubernetes version (use kubectl version):
Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.6-eks-db838b0
How to reproduce this issue:
Use the following annotations:
nginx.ingress.kubernetes.io/server-snippet: |
location = / {
return 403;
}
nginx.ingress.kubernetes.io/configuration-snippet:
limit_except GET { deny all; }
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
No status