1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
=encoding utf-8
=head1 NAME
ngx_http_auth_request_module - Module ngx_http_auth_request_module
=head1
The C<ngx_http_auth_request_module> module (1.5.4+) implements
client authorization based on the result of a subrequest.
If the subrequest returns a 2xx response code, the access is allowed.
If it returns 401 or 403,
the access is denied with the corresponding error code.
Any other response code returned by the subrequest is considered an error.
For the 401 error, the client also receives the
C<WWW-Authenticate> header from the subrequest response.
This module is not built by default, it should be enabled with the
C<--with-http_auth_request_module>
configuration parameter.
The module may be combined with
other access modules, such as
L<ngx_http_access_module|ngx_http_access_module>,
L<ngx_http_auth_basic_module|ngx_http_auth_basic_module>,
and
L<ngx_http_auth_jwt_module|ngx_http_auth_jwt_module>,
via the L<ngx_http_core_module> directive.
B<NOTE>
Before version 1.7.3, responses to authorization subrequests could not be cached
(using L<ngx_http_proxy_module>,
L<ngx_http_proxy_module>, etc.).
=head1 Example Configuration
location /private/ {
auth_request /auth;
...
}
location = /auth {
proxy_pass ...
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
}
=head1 Directives
=head2 auth_request
B<syntax:> auth_request I<I<C<uri>> E<verbar> C<off>>
B<default:> I<off>
B<context:> I<http>
B<context:> I<server>
B<context:> I<location>
Enables authorization based on the result of a subrequest and sets
the URI to which the subrequest will be sent.
=head2 auth_request_set
B<syntax:> auth_request_set I<I<C<$variable>> I<C<value>>>
B<context:> I<http>
B<context:> I<server>
B<context:> I<location>
Sets the request I<C<variable>> to the given
I<C<value>> after the authorization request completes.
The value may contain variables from the authorization request,
such as C<$upstream_http_*>.
|
