[nginx] allowing auth_request to proxy TOO_MANY_REQUESTS

alvn at alvn.dk alvn at alvn.dk
Tue Oct 11 11:04:36 UTC 2022


Hi!

Thank you for the answer!

I have tried your suggestion, but it seems to not quite fit my use case.

Does your suggestion not eliminate the authentication server entirely
for any upstream servers?

My preferred use case would be to have auth_request intercept all calls,
and only relay the accepted ones.

Something like this:
------------
server {
  auth_request /auth;

  location /v1/endpoint {
    proxy_pass http://localhost:7777/v1;
  }

  location /v2/endpoint {
    proxy_pass http://localhost:6666/v2;
  }

  location = /auth {
    internal;
    proxy_pass http://localhost:8888/authentication;
    [..]
  }
}
-----------

With the authentication server responding with X-Accel-Redirect, it still gets
interpreted by auth_request and 429 can never be sent directly to the user.


More information about the nginx-devel mailing list