Conditionally removing a proxy header
eckern
nginx-forum at forum.nginx.org
Thu May 21 20:38:18 UTC 2020
Thanks so much Francis, yes that seems to be have worked. When the
application is accessed outside our domain, it doesn't try to negotiate
which would pop up the Windows authentication prompt and would never work
anyways, but if the user is inside our domain either by being physically
inside the building or through a VPN, the negotiate header is there to allow
for automatic sign-in using their Windows credentials.
As you suggested I used a map:
map $external_traffic $negotiate {
1 '';
0 $upstream_http_www_authenticate;
}
Then inside the location block I removed and conditionally added the
WWW-Authenticate header:
proxy_hide_header WWW-Authenticate; # Remove negotiate header
add_header WWW-Authenticate $negotiate always; #Add negotiate header for
internal addresses
Thanks again!
Neil
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288015,288091#msg-288091
More information about the nginx
mailing list