auth_request not passing query string

Francis Daly francis at daoine.org
Tue May 11 23:38:49 UTC 2021


On Tue, May 11, 2021 at 07:05:55PM -0400, rsavignon wrote:

Hi there,

> thanks for the fast reply. At auth server, the value of "X-Original-URI"
> header is only "/validate". But should be  "/validate?token=<token_value>"
> as all request for a static file pass a token query param to the file server
> (https://files.mysite.com/myvideo.mp4?token=<token_value>).

I would expect the header to be /myvideo.mp4?token=<token_value>, and
not to be /validate at all.

It seems to work for me, at least using http so that I can see the traffic
using tcpdump. (Alternatively, you could add $http_x_original_uri to the
"upstream" logging, to see what is received as far as the web service
is concerned.)

Config:

==
  server {
    listen 6990;
    location / {
      auth_request     /validate;
      auth_request_set $auth_status $upstream_status;
      try_files $uri $uri/ =404;
    }
    location /validate {
      proxy_pass http://127.0.0.1:6991/validate/;
      proxy_set_header X-Original-URI $request_uri;
    }
  }

  server {
    listen 6991;
    location / {
      return 200 "request - header: $request_uri - $http_x_original_uri\n";
    }
  }
==

Test:

==
sudo tcpdump -nn -i any -A -s 0 port 6991 &
==
curl -i http://127.0.0.1:6990/file.mp4?token=value
==

The tcpdump output shows the request from the 6990 server to the 6991 server including

==
GET /validate/ HTTP/1.0
X-Original-URI: /file.mp4?token=value
Host: 127.0.0.1:6991
Connection: close
==

and it shows the response body from the 6991 server including

==
request - header: /validate/ - /file.mp4?token=value
==

Does a test like that show something different for you?

Thanks,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list