Hello!
Changes with auth request module 0.2 (2010-03-24):
*) Feature: auth_request_set directive.
*) Bugfix: segmentation fault happened on auth request handled by
proxy_pass or fastcgi_pass if initial request has non-empty body.
Further info is here:
http://mdounin.ru/hg/ngx_http_auth_request_module/
http://mdounin.ru/files/ngx_http_auth_request_module-0.2.tar.gz
MD5 (ngx_http_auth_request_module-0.2.tar.gz) =
46b7c636d0734c87fa9563089e536bc9
SHA256 (ngx_http_auth_request_module-0.2.tar.gz) =
eea5d0ec02bba93d0b204a034230cc61462b60497cbac6f581d7e008a9262ba4
Maxim D.
I’m having problems using this module for POST requests. GET works fine
and it’s really awesome, but POST requests end-up timing out. Anybody
experience the same thing?
Posted at Nginx Forum:
Hello!
On Tue, Jun 21, 2011 at 10:43:13AM -0400, adamchal wrote:
I’m having problems using this module for POST requests. GET works fine
and it’s really awesome, but POST requests end-up timing out. Anybody
experience the same thing?
Please make sure you use
proxy_set_header Content-Length "";
as suggested by README if you use proxy_pass to handle auth
subrequests.
Maxim D.
Hello!
On Tue, Jun 21, 2011 at 02:00:21PM -0400, adamchal wrote:
OK, you’re absolutely right. I didn’t have that line in there. I’m
trying to follow the reasoning for needing to zero-out request body, but
it doesn’t make immediate sense. Is the OP in this thread along the
same lines? subrequest and POST
Auth request doesn’t read request body, and subrequest used for
auth will have no body but the same headers as original request.
Thus it’s needed to clear Content-Length if you are going to
proxy_pass auth subrequest somewhere.
Maxim D.
OK, you’re absolutely right. I didn’t have that line in there. I’m
trying to follow the reasoning for needing to zero-out request body, but
it doesn’t make immediate sense. Is the OP in this thread along the
same lines? subrequest and POST
Posted at Nginx Forum:
I actually got this working with the built-in memcache and userid
modules. This is REALLY cool and I’m going to be re-thinking how to
provide security/authentication in other projects using this approach.
Thanks for the quick feedback and your hard work Maxim.
Here’s a snippet of my configuration:
server {
…
auth_request /auth;
location = /auth {
auth_request off;
set $memcached_key sso$cookie_uid;
memcached_pass mmc:11211;
error_page 404
=403 /login.html;
}
location = /login.php {
auth_request off;
# fastcgi_param
fastcgi_pass unix:/var/lib/php.sock;
}
...
}
Note: this example uses PHP/FastCGI instead of proxy_pass.
Posted at Nginx Forum: