proxy_cache when 'Authorization' HTTP header presents.

Kuramoto Eiji ek at kuramoto.org
Wed Aug 12 06:47:31 MSD 2009


Hi,

The proxy_cache module send cached contents until it's expired
even if a client send wrong user/password after passed first (401)
authentication. It might be a bug ... ?

small patch like this,


--- ngx_http_upstream.c	22 Jul 2009 04:01:25 -0000	1.7
+++ ngx_http_upstream.c	11 Aug 2009 10:01:41 -0000	1.8
@@ -397,7 +397,18 @@
 
 #if (NGX_HTTP_CACHE)
 
+    /*
+     * don't cache when Authorization header presents.
+     */
+    if (u->conf->cache
+	 && r->headers_in.authorization == NULL
+	 && r->headers_in.user.data == NULL /* don't check 'len' for empty user/passwd */
+	 && r->headers_in.passwd.data == NULL) {
         ngx_int_t  rc;
 
         rc = ngx_http_upstream_cache(r, u);

- Kuramoto Eiji





More information about the nginx mailing list