OK. Problem solved. Here's the deal: If rails sets the header as 'X_PASSWORD', then nginx does not see this value in $http_x_password. If rails sets it as 'X-Password' then nginx does - problem solved. Cheers, OA -- Posted via http://www.ruby-forum.com/.