auth_request and multiple sequential subrequests
agentzh at gmail.com
Mon Feb 14 07:27:50 MSK 2011
On Thu, Feb 3, 2011 at 7:16 PM, Pavel Kolla <pavelkolla at gmail.com> wrote:
> location /t1
> # internal
> auth_request /t2;
> set $t 1;
> echo "t1 $t";
Your /t1 does not run auth_request when it is used in a subrequest
just because nginx access phase handlers will be skipped altogether
for subrequests (as opposed to rewrite and content phase handlers).
This is a common pitfall but can also be a useful feature for minor
You put "set $t 1" after "auth_request" here is confusing. Because
"set" runs at the rewrite phase and will always run before any access
phase directives like "auth_request" even if you put "set" after it.
BTW, you can utilize the rewrite_by_lua directive to do this kind of
generalized access control like this:
local res = ngx.location.capture("/some_location")
if res.status == ngx.HTTP_FORBIDDEN then
if res.status ~= ngx.HTTP_OK then
This is the first-order approximation of a rewrite-phase auth_request
using ngx_lua and rewrite phase handlers also run in subrequests :)
See http://github.com/chaoslawful/lua-nginx-module for details.
> At this stage i'm not even sure if it is possible to use auth_request directive
> in a subrequest, so i seek for wisdom here...
Surely not. See the reason I've given above :)
More information about the nginx