checking headers

Tue May 31 13:23:36 UTC 2016

On Tue, May 31, 2016 at 7:55 AM, Larry Martell <larry.martell at gmail.com> wrote:
> On Tue, May 31, 2016 at 7:41 AM, Larry Martell <larry.martell at gmail.com> wrote:
>> On Mon, May 30, 2016 at 2:19 PM, Robert Paprocki
>> <rpaprocki at fearnothingproductions.net> wrote:
>>>
>>>
>>> On Sat, May 28, 2016 at 12:48 PM, Larry Martell <larry.martell at gmail.com>
>>> wrote:
>>>>
>>>> Is there any way with nginx to check a request's headers and send back
>>>> a 401 if the headers are not proper?
>>>
>>>
>>>
>>> Yes, you can do with this via the 'map' and 'if' directives. A trivial
>>> example:
>>>
>>> http {
>>>         # if the "X-Foo" request header contains the phrase 'data', set $bar
>>> to 1; otherwise, set it to 0
>>>         map $http_x_foo $bar {
>>>                 default 0;
>>>                 "~data" 1;
>>>         }
>>>
>>>     server {
>>>         location /t {
>>>                 if ($bar) {
>>>                         return 401;
>>>                 }
>>>         }
>>> }
>>>
>>> See also http://nginx.org/en/docs/http/ngx_http_map_module.html and
>>> http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#if
>>
>> I added this to the http section:
>>
>>     map $http_x_capdata_auth $not_auth {
>>         default 1;
>>         "authorized" 0;
>>     }
>>
>> and this to the location section:
>>
>>             if ($not_auth) {
>>                 return 401;
>>             }
>>
>> and it's always returning a 401, even if there is a header:
>>
>> X-Capdata-Auth: authorized
>>
>> And I doing something wrong here? How can I debug this?
>
> Looking with tcpdump I do not see that header field set. The request
> is coming from a django app which is doing a redirect and I set the
> header before the redirect. Guess I have to debug from that side.

I traced the django code all the way through to when the response is
going out and I see this:

(Pdb) response._headers
{'x-capdata-auth': ('X-Capdata-Auth', 'authorized'), 'content-type':
('Content-Type', 'text/html; charset=utf-8'), 'location': ('Location',
'http://foo.bar.com:8000/workitem/12345'), 'vary': ('Vary', 'Cookie')}

Any one have any ideas as to why it doesn't seem to make it over to nginx?