Forum: NGINX Inconsistent behavior with Nginx's auth_request_set and more_set_input_headers

1996281a42877accd2c99a6f623f193a?d=identicon&s=25 unknown (Guest)
on 2014-06-28 19:36
(Received via mailing list)
Hi,

I'm trying to use the auth_request module in conjunction with the
more_set_input_headers to automatically login my users into web apps.

Basically, it works like this:

1. Users have some session cookie that authenticates them.
2. I have a PHP script (auth.php) that validates the cookie and returns
their proper username as a response header.
3. Nginx calls auth.php with auth_request, and sets the username in a
variable.
4. Nginx then calls the web app with a request header set to the correct
username.
5. The web app reads the header, and logs the user in.

This works, but strangely inconsistent. The issue is that when a user
accesses the web app on /app/, it works (the request header is sent),
but when the app is accesssed on /app/index.php, it never receives the
header from nginx.

I've created a mock configuration that reproduces the error. It doesn't
matter if I use a browser or cURL; both give the same behavior.

I thought it'd be a bit hard to view configuration files on a mailing
list, so I've created a topic on ServerFault. Reply whichever way you
like best. Topic is here:

http://serverfault.com/questions/608625/inconsiste...

Thanks a lot! This issue has kept me up for a few days now already.
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2014-07-01 00:53
(Received via mailing list)
Hello!

On Sat, Jun 28, 2014 at 05:35:27PM +0000, admin@stichtingbcco.com wrote:

> 3. Nginx calls auth.php with auth_request, and sets the username in a
> variable.
> 4. Nginx then calls the web app with a request header set to the correct
> username.
> 5. The web app reads the header, and logs the user in.
>
> This works, but strangely inconsistent. The issue is that when a user
> accesses the web app on /app/, it works (the request header is sent), but
> when the app is accesssed on /app/index.php, it never receives the header
> from nginx.

This behaviour is likely due to the fact that
"more_set_input_headers" handler is executed before access phase
(where auth_request works), and hence only changes a request if
it's internally redirected.

Solution to the problem is to stop using "more_set_input_headers"
(it's anyway very wrong, request headers shouldn't be changed) and
use native "fastcgi_param" instead:

   fastcgi_param HTTP_X_TEST_HEADER $auth_header;

>
http://serverfault.com/questions/608625/inconsiste...

Will link this answer there.

--
Maxim Dounin
http://nginx.org/
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.