auth_request, HTTP 401 and missing header WWW-Authenticate
Maxim Dounin
mdounin at mdounin.ru
Wed Feb 2 10:45:03 MSK 2011
Hello!
On Tue, Feb 01, 2011 at 03:09:07PM +0000, Pavel Kolla wrote:
[...]
> I can see from source code for auth_request that it should produce "WWW-
> Authenticate" headers, however it never does for me... would really appreciate
> any suggestions helping me to resolve this.
> Thanks in advance.
Auth request module shouldn't produce WWW-Authenticate header by
itself. Instead, you should return WWW-Authenticate header with 401 reply
from your auth backend, auth_request will pass it to client.
This is explicitly documented, see here:
http://mdounin.ru/hg/ngx_http_auth_request_module/file/a29d74804ff1/README#l7
(and this is the only way how it may work, as auth request
module doesn't know anything about authentication mechanism
used)
It may not be trivial to add such header within nginx itself
though, as add_header a) doesn't work on subrequests and b)
doesn't work on 401 replies.
Maxim Dounin
More information about the nginx
mailing list