auth_request module is sending the auth subrequest twice
Vineet Naik
naikvin at gmail.com
Mon Mar 11 06:54:44 UTC 2024
Hello,
I had sent the original email to the nginx mailing list address a week ago.
But I don't see it on the March 2024 archives page -
https://mailman.nginx.org/pipermail/nginx/2024-March/thread.html#start. I
am wondering if that's the case because I was not subscribed to the mailing
list at the time of sending the email (I have subscribed just now) or if
it's stuck in moderation.
Appreciate any help.
Thanks,
Vineet
On Mon, 4 Mar 2024 at 11:52, Vineet Naik <naikvin at gmail.com> wrote:
> Hello,
>
> I am using the auth_request module to restrict access to static files at
> location `/`. I noticed that when authentication is successful, the `/auth`
> endpoint is receiving 2 requests for every request sent to nginx by the
> client application. Interestingly, this only happens when the user is
> logged in i.e. the `/auth` endpoint responds with 200 status code.
> Otherwise, the auth endpoint is called only once. I have verified this by
> logging every incoming request to `/auth` handler in the server
> application.
>
> I can see that the internal subrequests made by nginx to the auth endpoint
> are not being logged. Is there a way to enable logging for auth
> subrequests? How do I investigate this further?
>
> Nginx config for reference:
>
> server {
> listen 80;
> server_name spapoc.local;
>
> access_log /var/log/nginx/spapoc.access.log main;
>
> location ~ ^/(login|logout) {
> auth_request off;
> proxy_pass http://127.0.0.1:5001;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Prefix /;
> }
>
> location /xhr/ {
> auth_request off;
> proxy_pass http://127.0.0.1:5001/;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Prefix /;
> }
>
> location = /favicon.ico {
> auth_request off;
> root /home/vmadmin/spa;
> }
>
> location / {
> auth_request /auth;
> auth_request_set $auth_status $upstream_status;
> error_page 401 = @error401;
>
> root /home/vmadmin/spa;
> try_files $uri $uri/ /index.html;
> }
>
> location = /auth {
> internal;
> auth_request off;
> proxy_pass http://127.0.0.1:5001;
> proxy_pass_request_body off;
> proxy_set_header Content-Length "";
> proxy_set_header X-Original-URI $request_uri;
> }
>
> location @error401 {
> return 302 /login;
> }
>
> #error_page 404 /404.html;
>
> # redirect server error pages to the static page /50x.html
> #
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> root /usr/share/nginx/html;
> }
> }
>
> --
> Thanks,
> Vineet
>
>
--
~ Vineet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240311/556c1252/attachment.htm>
More information about the nginx
mailing list