Mercurial > hg > ngx_http_auth_request_module
annotate README @ 9:4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
With r->header_only set upstream module will shutdown client connection
in case it needs to do cache/store. Probably it's good idea to avoid setting
r->header_only on auth subrequest to make cache work. On the other hand,
auth subrequest then will be required to return responses with empty body in
all cases, even on errors.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 24 Mar 2010 07:09:18 +0300 |
| parents | fb05a061532c |
| children |
| rev | line source |
|---|---|
| 0 | 1 Auth request module for nginx. |
| 2 | |
| 3 This module allows authorization based on subrequest result. Once subrequest | |
| 4 returns 2xx status - access is allowed, on 401 or 403 - disabled with | |
| 5 appropriate status. Anything else is considered to be an error. | |
| 6 | |
| 7 For 401 status WWW-Authenticate header from subrequest response will be | |
| 8 passed to client. | |
| 9 | |
|
2
187ac993cd15
Auth request: mention satisfy directive in README.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
10 Module works at access phase and therefore may be combined nicely with other |
|
187ac993cd15
Auth request: mention satisfy directive in README.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
11 access modules (access, auth_basic) via satisfy directive. |
|
187ac993cd15
Auth request: mention satisfy directive in README.
Maxim Dounin <mdounin@mdounin.ru>
parents:
0
diff
changeset
|
12 |
| 0 | 13 Configuration directives: |
| 14 | |
| 15 auth_request <uri>|off | |
| 16 | |
| 17 Context: http, server, location | |
| 18 Default: off | |
| 19 | |
| 20 Switches auth request module on and sets uri which will be asked for | |
| 21 authorization. | |
| 22 | |
|
7
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
23 auth_request_set <variable> <value> |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
24 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
25 Context: http, server, location |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
26 Default: none |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
27 |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
28 Set request variable to the given value after auth request completion. |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
29 Value may contain variables from auth request, e.g. $upstream_http_*. |
|
fb05a061532c
Auth request: auth_request_set directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5
diff
changeset
|
30 |
| 0 | 31 Usage: |
| 32 | |
| 33 location /private/ { | |
| 34 auth_request /auth; | |
| 35 ... | |
| 36 } | |
| 37 | |
| 38 location = /auth { | |
| 39 proxy_pass ... | |
|
5
cc231fa95159
Auth request: expand example in README.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2
diff
changeset
|
40 proxy_pass_request_body off; |
|
cc231fa95159
Auth request: expand example in README.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2
diff
changeset
|
41 proxy_set_header Content-Length ""; |
|
cc231fa95159
Auth request: expand example in README.
Maxim Dounin <mdounin@mdounin.ru>
parents:
2
diff
changeset
|
42 proxy_set_header X-Original-URI $request_uri; |
| 0 | 43 } |
| 44 | |
|
9
4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7
diff
changeset
|
45 Note: it is not currently possible to use proxy_cache/proxy_store (and |
|
4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7
diff
changeset
|
46 fastcgi_cache/fastcgi_store) for requests initiated by auth request |
|
4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7
diff
changeset
|
47 module. |
|
4385a10a836f
Auth request: add note that proxy_cache and friends do not work.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7
diff
changeset
|
48 |
| 0 | 49 To compile nginx with auth request module, use "--add-module <path>" option |
| 50 to nginx configure. | |
| 51 | |
| 52 Development of this module was sponsored by Openstat (http://www.openstat.com/). |