Nonstandard Response Headers

Manlio Perillo manlio_perillo at
Tue Jan 22 11:57:39 MSK 2008

Brendan Schwartz ha scritto:
> On Jan 21, 2008 4:21 AM, Manlio Perillo <manlio_perillo at> wrote:
> [...]
>> Try to use $upstream_http_authorization directly in the remote-proxy
>> location.
>> If this does not work, then I have no idea on how to solve your problem.
> Unfortunately, this doesn't work.

I think the problem is with the two upstream being in two separate 

>>> I'm trying to use nginx as a proxy for a remote server. But in order
>>> to access the content on the remote server, I need to pass an
>>> Authorization header to it. The local backend is able to produce valid
>>> authorization tokens.
>>> So here's what I want to happen: the local backend produces an
>>> Authorization header which is then passed to the remote server
>>> backend. The remote server accepts the authorized request and returns
>>> the protect content to nginx which passes it on to the end user.
>>> Does this make sense?
>> Why don't just ask the user to supply the Authorization header?
>> Moreover, since the remote-proxy is "internal", I don't see any need to
>> supply authorization info.
>> The authorization *must* be done in the local backend, and only if the
>> client is allowed to access the protected content, you set the
>> X-Accel-Redirect.
>> This content is only accessible by nginx, and not by external clients.
> In my situation the end user shouldn't (and doesn't) have any
> knowledge of the authentication mechanism between this "remote server"
> and nginx. The remote-proxy is marked as "internal" to prevent users
> from accessing that URL directly (without permission from the local
> backend) and gaining access to the protected content on the remote
> server.
> What I'd like to have happen is this:
> The end user authenticates with the local backend at which point nginx
> will fetch the protected content from the remote server and serve it
> to them.

But this is already supported by nginx.
You have to set the X-Accel-Redirect only when the end user successfully 
authenticate with the local backend.

>>> Thanks,
>>> Brendan

Manlio Perillo

Manlio Perillo

More information about the nginx mailing list