1 Auth request module for nginx.

2

3 This module allows authorization based on subrequest result. Once subrequest

4 returns 2xx status - access is allowed, on 401 or 403 - disabled with

5 appropriate status. Anything else is considered to be an error.

6

7 For 401 status WWW-Authenticate header from subrequest response will be

8 passed to client.

9

10 Module works at access phase and therefore may be combined nicely with other

11 access modules (access, auth_basic) via satisfy directive.

12

13 Configuration directives:

14

15 auth_request <uri>|off

16

17 Context: http, server, location

18 Default: off

19

20 Switches auth request module on and sets uri which will be asked for

21 authorization.

22

23 auth_request_set <variable> <value>

24

25 Context: http, server, location

26 Default: none

27

28 Set request variable to the given value after auth request completion.

29 Value may contain variables from auth request, e.g. $upstream_http_*.

30

31 Usage:

32

33 location /private/ {

34 auth_request /auth;

35 ...

36 }

37

38 location = /auth {

39 proxy_pass ...

40 proxy_pass_request_body off;

41 proxy_set_header Content-Length "";

42 proxy_set_header X-Original-URI $request_uri;

43 }

44

45 Note: it is not currently possible to use proxy_cache/proxy_store (and

46 fastcgi_cache/fastcgi_store) for requests initiated by auth request

47 module.

48

49 To compile nginx with auth request module, use "--add-module <path>" option

50 to nginx configure.

51

52 Development of this module was sponsored by Openstat (http://www.openstat.com/).