Question about IF and auth subrequest
Maxim Dounin
mdounin at mdounin.ru
Wed Feb 24 14:01:31 UTC 2021
Hello!
On Wed, Feb 24, 2021 at 10:39:57AM +0100, Vincent Blondel wrote:
> Hello all,
> I have a quick question about the usage of IF and auth_request.
> I would like to know if it is possible to use a IF statement to condition
> the proxy behaviour of one /location depending on the response headers of
> the sub auth request ...
>
> location /subrequest/ {
> proxy_pass xxx;
> }
> location /anyrequest/ {
> auth_request /subrequest/;
>
> if ($response_header ~ '' ) {
> proxy_pass_request_body off;
> proxy_set_header Content-Length "";
> proxy_pass ...
> }
> if ($response_header !~ '' ) {
> proxy_pass xxx;
> }
> }
>
> Thank You in advance for your Support ...
No, it is not going to work. The "if" directive and other rewrite
module directives are executed as a part of selecing a
configuration to process a request[1], and this happens before any
authentication checks.
Things that can work:
- Using variables in the configuration and map[2] to conditionally
evaluate them after auth subrequest. This might not be the best
approach in your particular case, as proxy_pass_request_body
does not support variables.
- Returning an error from auth subrequest, so you can switch to a
different location using error_page[3].
[1] http://nginx.org/en/docs/http/ngx_http_rewrite_module.html
[2] http://nginx.org/en/docs/http/ngx_http_map_module.html
[3] http://nginx.org/r/error_page
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list