Can nginx support FastCGI Authorizers?

lhmwzy lhmwzy at gmail.com
Sat Dec 27 15:39:37 MSK 2008


see also : http://www.fastcgi.com/devkit/doc/fcgi-spec.html
......
 6.3 Authorizer

An Authorizer FastCGI application receives all the information
associated with an HTTP request and generates an
authorized/unauthorized decision. In case of an authorized decision
the Authorizer can also associate name-value pairs with the HTTP
request; when giving an unauthorized decision the Authorizer sends a
complete response to the HTTP client.

Since CGI/1.1 defines a perfectly good way to represent the
information associated with an HTTP request, Authorizers use the same
representation:

    * The Authorizer application receives HTTP request information
from the Web server on the FCGI_PARAMS stream, in the same format as a
Responder. The Web server does not send CONTENT_LENGTH, PATH_INFO,
PATH_TRANSLATED, and SCRIPT_NAME headers.

    * The Authorizer application sends stdout and stderr data in the
same manner as a Responder. The CGI/1.1 response status specifies the
disposition of the request. If the application sends status 200 (OK),
the Web server allows access. Depending upon its configuration the Web
server may proceed with other access checks, including requests to
other Authorizers.

      An Authorizer application's 200 response may include headers
whose names are prefixed with Variable-. These headers communicate
name-value pairs from the application to the Web server. For instance,
the response header

              Variable-AUTH_METHOD: database lookup

      transmits the value "database lookup" with name AUTH-METHOD. The
server associates such name-value pairs with the HTTP request and
includes them in subsequent CGI or FastCGI requests performed in
processing the HTTP request. When the application gives a 200
response, the server ignores response headers whose names aren't
prefixed with Variable- prefix, and ignores any response content.

      For Authorizer response status values other than "200" (OK), the
Web server denies access and sends the response status, headers, and
content back to the HTTP client.
......


2008/12/27 lhmwzy <lhmwzy at gmail.com>:
> I search the wiki of nginx,but can't find any thing about FastCGI Authorizers.
> can or How to use FastCGI Authorizers under nginx?
>





More information about the nginx mailing list