http_auth_request_module Instructions?

Nginx User nginx at nginxuser.net
Sun Sep 4 16:40:44 UTC 2011


On Sun, Sep 4, 2011 at 1:25 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Sun, Sep 04, 2011 at 12:02:34AM +0300, Nginx User wrote:
>
> > Is the any documentation for the http_auth_request_module anywhere?
> Trying
> > to find out what the configuration parameters are if any.
>
> Try README in the module tarball.  Alternatively, you may find it
> here:
>


Hi Thanks for that.

To clarify, My understanding of how this works is that when a request from a
client (I'll call this "Client Request") hits Nginx, the module handler will
spin off a request (I'll call this "Module Request") to a location where I
would have arranged for authentication to occur. This can be auth basic etc
or my own custom process. Assuming my own custom process, I should arrange
for it to return status code "200" to allow access, status code "403" to
deny access or status code "401" to ask for username and
password (responding by 200, 403 or 401 as required). When the module
receives a "200" code for the Module Request, it will pass the Client
Request on through to the next normal stage of Nginx processing. If a "403"
code is received, The user is sent the same and processing stops.

Four queries:

1. Is my understanding of the process correct?
2. When the README says "it is not currently possible to use
proxy_cache/proxy_store (and fastcgi_cache/fastcgi_store) for requests
initiated by auth request module", does this apply to the Module Request
only as it suggests and that the Client Request will proceed as normal or is
there a twist to it?
3. Does the module cover "post" requests as well
4. I notice "proxy_set_header X-Original-URI $request_uri;" in the README
example. Is this a requirement?


Thanks again
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20110904/1d44e637/attachment-0001.html>


More information about the nginx mailing list