mdounin at mdounin.ru
Sun Sep 4 18:00:43 UTC 2011
On Sun, Sep 04, 2011 at 07:40:44PM +0300, Nginx User wrote:
> On Sun, Sep 4, 2011 at 1:25 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> > Hello!
> > On Sun, Sep 04, 2011 at 12:02:34AM +0300, Nginx User wrote:
> > > Is the any documentation for the http_auth_request_module anywhere?
> > Trying
> > > to find out what the configuration parameters are if any.
> > Try README in the module tarball. Alternatively, you may find it
> > here:
> Hi Thanks for that.
> To clarify, My understanding of how this works is that when a request from a
> client (I'll call this "Client Request") hits Nginx, the module handler will
> spin off a request (I'll call this "Module Request") to a location where I
> would have arranged for authentication to occur. This can be auth basic etc
> or my own custom process. Assuming my own custom process, I should arrange
> for it to return status code "200" to allow access, status code "403" to
> deny access or status code "401" to ask for username and
> password (responding by 200, 403 or 401 as required). When the module
> receives a "200" code for the Module Request, it will pass the Client
> Request on through to the next normal stage of Nginx processing. If a "403"
> code is received, The user is sent the same and processing stops.
> Four queries:
> 1. Is my understanding of the process correct?
> 2. When the README says "it is not currently possible to use
> proxy_cache/proxy_store (and fastcgi_cache/fastcgi_store) for requests
> initiated by auth request module", does this apply to the Module Request
> only as it suggests and that the Client Request will proceed as normal or is
> there a twist to it?
It applies only to auth subrequests. Client requests will proceed
> 3. Does the module cover "post" requests as well
Yes. Note though, request body won't be read at auth_request (and
won't be passed to auth subrequest).
> 4. I notice "proxy_set_header X-Original-URI $request_uri;" in the README
> example. Is this a requirement?
It's just an example how to pass original request uri to your
custom auth script.
Note though, that
proxy_set_header Content-Length "";
is actually required when proxy_pass'ing auth subrequests, as
request body won't read (see above).
More information about the nginx