auth_request module is sending the auth subrequest twice

Vineet Naik naikvin at gmail.com
Mon Mar 11 06:54:44 UTC 2024 

Hello,

I had sent the original email to the nginx mailing list address a week ago.
But I don't see it on the March 2024 archives page -
https://mailman.nginx.org/pipermail/nginx/2024-March/thread.html#start. I
am wondering if that's the case because I was not subscribed to the mailing
list at the time of sending the email (I have subscribed just now) or if
it's stuck in moderation.

Appreciate any help.

Thanks,
Vineet

On Mon, 4 Mar 2024 at 11:52, Vineet Naik <naikvin at gmail.com> wrote:

> Hello,
>
> I am using the auth_request module to restrict access to static files at
> location `/`. I noticed that when authentication is successful, the `/auth`
> endpoint is receiving 2 requests for every request sent to nginx by the
> client application. Interestingly, this only happens when the user is
> logged in i.e. the `/auth` endpoint responds with 200 status code.
> Otherwise, the auth endpoint is called only once. I have verified this by
> logging every incoming request to `/auth` handler in the server
> application.
>
> I can see that the internal subrequests made by nginx to the auth endpoint
> are not being logged. Is there a way to enable logging for auth
> subrequests? How do I investigate this further?
>
> Nginx config for reference:
>
> server {
>     listen       80;
>     server_name  spapoc.local;
>
>     access_log  /var/log/nginx/spapoc.access.log  main;
>
>     location ~ ^/(login|logout) {
>         auth_request off;
>         proxy_pass http://127.0.0.1:5001;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Proto $scheme;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Prefix /;
>     }
>
>     location /xhr/ {
>         auth_request off;
>         proxy_pass http://127.0.0.1:5001/;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header X-Forwarded-Proto $scheme;
>         proxy_set_header X-Forwarded-Host $host;
>         proxy_set_header X-Forwarded-Prefix /;
>     }
>
>     location = /favicon.ico {
>         auth_request off;
>         root /home/vmadmin/spa;
>     }
>
>     location / {
>         auth_request /auth;
>         auth_request_set $auth_status $upstream_status;
>         error_page 401 = @error401;
>
>         root   /home/vmadmin/spa;
>         try_files $uri $uri/ /index.html;
>     }
>
>     location = /auth {
>         internal;
>         auth_request off;
>         proxy_pass http://127.0.0.1:5001;
>         proxy_pass_request_body off;
>         proxy_set_header        Content-Length "";
>         proxy_set_header        X-Original-URI $request_uri;
>     }
>
>     location @error401 {
>         return 302 /login;
>     }
>
>     #error_page  404              /404.html;
>
>     # redirect server error pages to the static page /50x.html
>     #
>     error_page   500 502 503 504  /50x.html;
>     location = /50x.html {
>         root   /usr/share/nginx/html;
>     }
> }
>
> --
> Thanks,
> Vineet
>
>

-- 
~ Vineet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240311/556c1252/attachment.htm>

More information about the nginx mailing list