Home > OS >  Can not get headers and status code returned by auth_request
Can not get headers and status code returned by auth_request

Time:10-16

I have the following test nginx configuration:

user  nginx;
worker_processes  auto;

error_log /dev/stderr debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log  /dev/stderr  main;

    sendfile        on;

    keepalive_timeout  65;

    upstream content {
      server 127.0.0.1:4001;
    }

    server {
        listen 4000;
        server_name test;
        gzip off;
        autoindex off;

        location /test-auth {
            add_header X-Test "testvalue";
            return 200;
        }

        location /proxy {
            add_header "X-Test1" "test1";
            auth_request /test-auth;
            auth_request_set $test $sent_http_x_test;
            auth_request_set $test2 $upstream_status;
            add_header X-Test $test;
            add_header X-Test2 $test2;
            proxy_pass http://content?test=$test&test2=$test2;
            proxy_pass_request_body off;
        }
    }

    server {
        listen 4001;
        add_header X-Test3 "test3";
        return 200 "testt response $args";
    }
}

I expect that requesting the /proxy URL will return all test headers: X-Test (header returned by the auth request), X-Test1 (just a sample), X-Test2 (value of the auth request HTTP status), X-Test3 (set by the content downstream).

But in the reality, this request only returns X-Test1 and X-Test2. I can not get any value (headers or return status) by the auth_request_set directive. I tried both variants of variable names I found in google: $sent_http_x_test and $upstream_http_x_test but no luck. The $test variable is always empty.

I saw the following official example: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/ but the auth_request_set $test2 $upstream_status; line also doesn't work and the $test2 variable is always empty.

What I'm doing wrong?

CodePudding user response:

The problem is that /test-auth location has no upstream configured, you could try the configure below.

$upstream_http_x_test is correct.

user  nginx;
worker_processes  auto;

error_log /dev/stderr debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    access_log  /dev/stderr  main;

    sendfile        on;

    keepalive_timeout  65;

    upstream content {
      server 127.0.0.1:4001;
    }

    server {
        listen 4000;
        server_name test;
        gzip off;
        autoindex off;

        location /real-auth {
            add_header X-Test "testvalue";
            return 200;
        }
        
        location /test-auth {
            proxy_pass http://127.0.0.1:4000/real-auth;
        }

        location /proxy {
            add_header "X-Test1" "test1";
            auth_request /test-auth;
            auth_request_set $test $upstream_http_x_test;
            auth_request_set $test2 $upstream_status;
            add_header X-Test $test;
            add_header X-Test2 $test2;
            proxy_pass http://content?test=$test&test2=$test2;
            proxy_pass_request_body off;
        }
    }

    server {
        listen 4001;
        add_header X-Test3 "test3";
        return 200 "testt response $args";
    }
}
  • Related