Auth request module 0.2

Hello!

Changes with auth request module 0.2 (2010-03-24):

*) Feature: auth_request_set directive.

*) Bugfix: segmentation fault happened on auth request handled by
   proxy_pass or fastcgi_pass if initial request has non-empty body.

Further info is here:

http://mdounin.ru/hg/ngx_http_auth_request_module/
http://mdounin.ru/files/ngx_http_auth_request_module-0.2.tar.gz

MD5 (ngx_http_auth_request_module-0.2.tar.gz) =
46b7c636d0734c87fa9563089e536bc9
SHA256 (ngx_http_auth_request_module-0.2.tar.gz) =
eea5d0ec02bba93d0b204a034230cc61462b60497cbac6f581d7e008a9262ba4

Maxim D.

I’m having problems using this module for POST requests. GET works fine
and it’s really awesome, but POST requests end-up timing out. Anybody
experience the same thing?

Posted at Nginx Forum:

Hello!

On Tue, Jun 21, 2011 at 10:43:13AM -0400, adamchal wrote:

I’m having problems using this module for POST requests. GET works fine
and it’s really awesome, but POST requests end-up timing out. Anybody
experience the same thing?

Please make sure you use

proxy_set_header Content-Length "";

as suggested by README if you use proxy_pass to handle auth
subrequests.

Maxim D.

Hello!

On Tue, Jun 21, 2011 at 02:00:21PM -0400, adamchal wrote:

OK, you’re absolutely right. I didn’t have that line in there. I’m
trying to follow the reasoning for needing to zero-out request body, but
it doesn’t make immediate sense. Is the OP in this thread along the
same lines? subrequest and POST

Auth request doesn’t read request body, and subrequest used for
auth will have no body but the same headers as original request.
Thus it’s needed to clear Content-Length if you are going to
proxy_pass auth subrequest somewhere.

Maxim D.

OK, you’re absolutely right. I didn’t have that line in there. I’m
trying to follow the reasoning for needing to zero-out request body, but
it doesn’t make immediate sense. Is the OP in this thread along the
same lines? subrequest and POST

Posted at Nginx Forum:

I actually got this working with the built-in memcache and userid
modules. This is REALLY cool and I’m going to be re-thinking how to
provide security/authentication in other projects using this approach.
Thanks for the quick feedback and your hard work Maxim.

Here’s a snippet of my configuration:

server {

auth_request /auth;

location = /auth {
  auth_request          off;
  set $memcached_key    sso$cookie_uid;
  memcached_pass        mmc:11211;
  error_page            404
                        =403 /login.html;
}
location = /login.php {
  auth_request          off;
  # fastcgi_param
  fastcgi_pass          unix:/var/lib/php.sock;
}
...

}

Note: this example uses PHP/FastCGI instead of proxy_pass.

Posted at Nginx Forum: