auth_request not passing query string
Francis Daly
francis at daoine.org
Tue May 11 23:38:49 UTC 2021
On Tue, May 11, 2021 at 07:05:55PM -0400, rsavignon wrote:
Hi there,
> thanks for the fast reply. At auth server, the value of "X-Original-URI"
> header is only "/validate". But should be "/validate?token=<token_value>"
> as all request for a static file pass a token query param to the file server
> (https://files.mysite.com/myvideo.mp4?token=<token_value>).
I would expect the header to be /myvideo.mp4?token=<token_value>, and
not to be /validate at all.
It seems to work for me, at least using http so that I can see the traffic
using tcpdump. (Alternatively, you could add $http_x_original_uri to the
"upstream" logging, to see what is received as far as the web service
is concerned.)
Config:
==
server {
listen 6990;
location / {
auth_request /validate;
auth_request_set $auth_status $upstream_status;
try_files $uri $uri/ =404;
}
location /validate {
proxy_pass http://127.0.0.1:6991/validate/;
proxy_set_header X-Original-URI $request_uri;
}
}
server {
listen 6991;
location / {
return 200 "request - header: $request_uri - $http_x_original_uri\n";
}
}
==
Test:
==
sudo tcpdump -nn -i any -A -s 0 port 6991 &
==
curl -i http://127.0.0.1:6990/file.mp4?token=value
==
The tcpdump output shows the request from the 6990 server to the 6991 server including
==
GET /validate/ HTTP/1.0
X-Original-URI: /file.mp4?token=value
Host: 127.0.0.1:6991
Connection: close
==
and it shows the response body from the 6991 server including
==
request - header: /validate/ - /file.mp4?token=value
==
Does a test like that show something different for you?
Thanks,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list