[PATCH] Allow http_auth_request_module to forward 302 responses

Maxim Dounin mdounin at mdounin.ru
Sat Feb 18 21:45:42 UTC 2012


On Sat, Feb 18, 2012 at 09:19:18AM -0500, Maxim Khitrov wrote:

> Hello Maxim,
> The attached patch allows your http_auth_request_module to forward a
> 302 response and the associated "Location" header to the client. The
> goal is to allow the authentication back end to redirect the client to
> a login page instead of using WWW-Authenticate header.

You may get the same result by returning 401/403 and using 
appropriate error_page handler.  I don't actually see a reason to 
handle 302 specially here.

Something like this should work (not tested):

    location / {
        auth_request /auth;
        auth_request_set $auth_redirect $upstream_http_location;
        error_page 401 = /auth_redirect;

    location /auth {
        proxy_pass http://auth_backend;

    location /auth_redirect {
        return 302 $auth_redirect;

Maxim Dounin

More information about the nginx-devel mailing list