proxy_cache when 'Authorization' HTTP header presents.
Kuramoto Eiji
ek at kuramoto.org
Tue Aug 18 15:38:03 MSD 2009
On Mon, 17 Aug 2009 18:14:34 +0400
Maxim Dounin wrote:
} > The proxy_cache module sends cached contents until it's expired
} > even if a client sends a wrong user/password after passing the first (401)
} > authentication. It might be a bug ... ?
}
} If authorization is checked by nginx - request will never reach this
} stage. If it's checked by backend server - there is no reason for
} nginx to do anything with it.
It's checked by backend server.
My nginx.conf:

    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=one:10m;
    proxy_cache_key "$host:$server_port$uri$is_args$args";

    server {
        listen 8080;
        server_name frontend-hostname.example.com;

        location / {
            proxy_cache one;
            error_page 401 404 502 504 = @fallback;
        }

        location @fallback {
            proxy_cache one;
            proxy_cache_valid 200 1m;
            proxy_pass http://backend-hostname.example.com;
        }
    }

Request/Response:

1. Client requests a URI that requires HTTP authorization from nginx.
2. If it isn't found in the proxy_cache contents, nginx requests the URI
   from the backend server.
3. Backend server responds with 401 (Unauthorized) HTTP status code
   to nginx.
4. nginx responds with 401 (Unauthorized) HTTP status code to client.
5. Client sends a request with the authorized User/Password in the
   'Authorization:' HTTP header.
6. nginx passes that request through to backend server.
7. Backend server responds with the authorized contents with 200 HTTP
   status code, without 'Cache-Control: no-cache or no-store' HTTP headers.
8. nginx's proxy_cache module caches the contents, so it responds with
   200 HTTP status code.
9. nginx responds with the contents to client with 200 HTTP status code.
10. Change User or Password for HTTP authorization of URI on backend
    server.
11. Client requests the same URI as at step 1 with the previous (same as
    at step 5) User/Password (at this point, a wrong/unauthorized
    User/Password) in the 'Authorization:' HTTP header.
12. nginx responds with the previously (at step 8) cached contents without
    any HTTP authorization until the proxy_cache expires
    ('proxy_cache_valid' time for '200' HTTP status).

nginx should make a request to the backend server with the 'Authorization:'
HTTP header requested by the client at step 12, I suppose.

} This effectively switches off cache for requests with
} authorization. The same may be done via configs.

How can I do it via configs?

Thank you.
- Kuramoto Eiji
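
Added example, not part of the original message and not nginx's own documentation: one way to express "switch off cache for requests with authorization" in configuration, mirroring the nginx.conf posted above. It assumes an nginx version that provides the proxy_cache_bypass and proxy_no_cache directives; the events and http wrappers are added only to make the file complete.

```nginx
# Added example; assumes proxy_cache_bypass / proxy_no_cache are available.
events {}

http {
    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=one:10m;

    # Same key as in the posted config. Adding $http_authorization to the key
    # would only separate entries per credential: a credential revoked on the
    # backend would still be answered from its own entry until
    # proxy_cache_valid expires, which is the behaviour seen at step 12.
    proxy_cache_key "$host:$server_port$uri$is_args$args";

    server {
        listen 8080;
        server_name frontend-hostname.example.com;

        location / {
            proxy_cache one;
            error_page 401 404 502 504 = @fallback;
        }

        location @fallback {
            proxy_cache one;
            proxy_cache_valid 200 1m;

            # Request carries an Authorization header (value is non-empty):
            # do not answer it from the cache, so the backend re-checks the
            # credentials on every such request ...
            proxy_cache_bypass $http_authorization;

            # ... and do not store the backend's response, so content
            # returned to an authenticated client never enters the shared
            # cache (steps 7-8).
            proxy_no_cache $http_authorization;

            proxy_pass http://backend-hostname.example.com;
        }
    }
}
```

With both directives set, the 200 response at step 7 is not stored, and the request at step 11 goes to the backend, which answers 401 for the changed credentials.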