Nice. However in the case we are chasing, /authenticate needs the body of the request as it has to verify a digital signature calculated on it. Thank you for your insight anyway. Best, Marc Posted at Nginx Forum: http://forum.nginx.org/read.php?2,60373,60684#msg-60684