checking headers
Larry Martell
larry.martell at gmail.com
Tue May 31 13:23:36 UTC 2016
On Tue, May 31, 2016 at 7:55 AM, Larry Martell <larry.martell at gmail.com> wrote:
> On Tue, May 31, 2016 at 7:41 AM, Larry Martell <larry.martell at gmail.com> wrote:
>> On Mon, May 30, 2016 at 2:19 PM, Robert Paprocki
>> <rpaprocki at fearnothingproductions.net> wrote:
>>>
>>>
>>> On Sat, May 28, 2016 at 12:48 PM, Larry Martell <larry.martell at gmail.com>
>>> wrote:
>>>>
>>>> Is there any way with nginx to check a request's headers and send back
>>>> a 401 if the headers are not proper?
>>>
>>>
>>>
>>> Yes, you can do with this via the 'map' and 'if' directives. A trivial
>>> example:
>>>
>>> http {
>>> # if the "X-Foo" request header contains the phrase 'data', set $bar
>>> to 1; otherwise, set it to 0
>>> map $http_x_foo $bar {
>>> default 0;
>>> "~data" 1;
>>> }
>>>
>>> server {
>>> location /t {
>>> if ($bar) {
>>> return 401;
>>> }
>>> }
>>> }
>>>
>>> See also http://nginx.org/en/docs/http/ngx_http_map_module.html and
>>> http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if
>>
>> I added this to the http section:
>>
>> map $http_x_capdata_auth $not_auth {
>> default 1;
>> "authorized" 0;
>> }
>>
>> and this to the location section:
>>
>> if ($not_auth) {
>> return 401;
>> }
>>
>> and it's always returning a 401, even if there is a header:
>>
>> X-Capdata-Auth: authorized
>>
>> And I doing something wrong here? How can I debug this?
>
> Looking with tcpdump I do not see that header field set. The request
> is coming from a django app which is doing a redirect and I set the
> header before the redirect. Guess I have to debug from that side.
I traced the django code all the way through to when the response is
going out and I see this:
(Pdb) response._headers
{'x-capdata-auth': ('X-Capdata-Auth', 'authorized'), 'content-type':
('Content-Type', 'text/html; charset=utf-8'), 'location': ('Location',
'http://foo.bar.com:8000/workitem/12345'), 'vary': ('Vary', 'Cookie')}
Any one have any ideas as to why it doesn't seem to make it over to nginx?
More information about the nginx
mailing list