proxy_cache when 'Authorization' HTTP header presents.

Kuramoto Eiji ek at kuramoto.org
Tue Aug 18 15:38:03 MSD 2009 

 On Mon, 17 Aug 2009 18:14:34 +0400
    Maxim Dounin wrote:

 } > The proxy_cache module send cached contents until it's expired
 } > even if a client send wrong user/password after passed first (401)
 } > authentication. It might be a bug ... ?
 } 
 } If authorization checked by nginx - request will never reach this 
 } stage.  If it's checked by backend server - there is no reason for 
 } nginx to do anything with it.

It's checked by backend server.

my nginx.conf:

    proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=one:10m;

    proxy_cache_key "$host:$server_port$uri$is_args$args";

    server {
        listen 8080;
        server_name frontend-hostname.example.com;

        location / {
            proxy_cache one;
            error_page 401 404 502 504 = @fallback;
        }

        location @fallback {
            proxy_cache one;
            proxy_cache_valid 200 1m;
            proxy_pass http://backend-hostname.example.com;
        }


Request/Response:
1. client requests HTTP authorization required URI to nginx.
2. If it doesn't found in proxy_cached contents, nginx requests URI to
   backend server.
3. backend server responses with 401 (Unauthorized) HTTP status code
   to nginx.
4. nginx responses with 401 (Unauthorized) HTTP status code to client.
5. client send requests with the authorized User/Password on
   'Authorization:' HTTP header.
6. nginx passes through that requests to backend server.
7. backend server responses authorized contents with 200 HTTP status
   code without 'Cache-Control: no-cache or no-store' HTTP headers.
8. nginx's proxy_cache module caches the contents, so it respond with
   200 HTTP status code.
9. nginx responses the contens to client with 200 HTTP status code.
10. change User or Password for HTTP authorization of URI on backend
    server.
11. client requests same URI at step 1 with previously (same at step 5)
    User/Password (at here, wrong/unauthorized User/Password) on
    'Authorization:' HTTP header.
12. nginx responses previously (at step 8) cached contents without any
    HTTP authorizations until proxy_cache expired ('proxy_cache_valid'
    time for '200' HTTP status).

nginx should request to backend server with 'Authorization:' HTTP
header requested by client at step 12, I suppose..

 } This effectively switches off cache for requests with 
 } authorization.  The same may be done via configs.

How can I do via configs?

Thank you.

- Kuramoto Eiji

More information about the nginx mailing list