Hi,

I'm working on an application-independent authentication and
authorization layer that utilizes nginx with the auth request module. The
two are working great for me, but I ran into an issue that I don't
know how to solve; maybe you can help?

Is there a way to enforce auth requests for all resources under a
specific path? Say I want to protect all resources in /protected:

    location /protected/ {
        auth_request /auth/is_authenticated/;
        error_page 403 /auth/login/;
        error_page 401 /auth/noauthorized/;
    }

This works, but only until a more specific location is added:

    location /protected/blog {
        #....
    }

Which, due to location matching rules, takes precedence over the
'/protected' location, and auth requests for blog are not issued.

Is there any way around it other than repeating the auth_request
configuration for each location?

I can think of two solutions, but each has quite substantial limitations:

1. Configure auth_request in the server {} section, but this authorizes
   all requests, not only ones in '/protected'.
2. Run a separate nginx instance configured to do authorization only and
   pass all allowed requests downstream. This would introduce
   additional performance and maintenance overhead.

Is there any better way?

thanks,
Jan
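
The gap described in the message above can be caught by auditing the configuration. The following is an added example, not part of the original post or of nginx itself: it models only flat (non-nested) prefix locations and longest-prefix selection, ignores regex locations, and uses hypothetical helper names and a constructed sample config.

```python
import re

# Constructed sample: the two locations from the post, plus a hypothetical
# /auth/ location standing in for the authentication backend.
SAMPLE_CONF = """
location /protected/ {
    auth_request /auth/is_authenticated/;
    error_page 403 /auth/login/;
    error_page 401 /auth/noauthorized/;
}
location /protected/blog {
    #....
}
location /auth/ {
    # hypothetical auth backend
}
"""

# Assumption: flat prefix locations only, no nested blocks or regex locations.
LOCATION_RE = re.compile(r"location\s+(/\S*)\s*\{([^{}]*)\}")
AUTH_RE = re.compile(r"\bauth_request\s+(\S+)\s*;")


def parse_locations(conf):
    """Return {prefix: True/False} telling whether the block sets auth_request."""
    locations = {}
    for prefix, body in LOCATION_RE.findall(conf):
        body = re.sub(r"#.*", "", body)  # drop comments before matching
        match = AUTH_RE.search(body)
        locations[prefix] = bool(match) and match.group(1) != "off"
    return locations


def selected_location(locations, uri):
    """Longest matching prefix wins, as in nginx prefix location selection."""
    matches = [p for p in locations if uri.startswith(p)]
    return max(matches, key=len) if matches else None


def unprotected_overrides(locations, protected_prefix):
    """More specific locations under the prefix that carry no auth_request."""
    return sorted(
        p for p, has_auth in locations.items()
        if p != protected_prefix and p.startswith(protected_prefix) and not has_auth
    )


if __name__ == "__main__":
    locs = parse_locations(SAMPLE_CONF)
    for prefix in unprotected_overrides(locs, "/protected/"):
        print("no auth_request applies to:", prefix)
```
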