Welcome! Log In Create A New Profile


Subrequests: returning response to client

April 18, 2013 12:55AM
I'm currently looking to extend the 'Auth Request' (http://mdounin.ru/hg/ngx_http_auth_request_module/) Nginx add-on module and have the module be able to conform (at least wherever possible) to the FastCGI "Authorizer" specification. The full specification is at http://www.fastcgi.com/drupal/node/22#S6.3 - the idea being the configured authorizer should be hit with a sub-request, and if a 200 is returned, then access allowed, with some manipulation of special headers. This is fine and I've successfully written extended the existing auth-request code.

However, for any other response aside from 200, the Authorizer specification states that the server must send the response status, headers, and content back to the HTTP client. In my specific FastCGI authorizer, it sends various 301/302 redirects to do single sign on. This is where I've gotten stuck.

So far, within the ngx_http_auth_request_handler function, I've managed to have this mostly working using this:

ngx_http_request_t *sr;
if (authorizer) {
sr = ctx->subrequest;
r->headers_out = sr->headers_out;
return ctx->status;

which results in sending the subrequest's headers and status back to the client. I'm unsure if this is sensible in replacing headers in this fashion - eg performance or memory wise - so could some please comment on this? It does work though.

However, all that said, the subrequest's response body is the missing piece of the puzzle. I did figure out that the ``sr`` above defaults to ``sr->header_only = 1``, so it is ignoring the response body. However, turning this off results in the subrequest returning the body response to the client before main response headers can be sent -- exactly as per the discussion here: http://forum.nginx.org/read.php?2,222427,222543 . Curiously, only the sub-request response body is sent to the client, not the headers as well. If this behaviour for the subrequest could be changed to send its headers as well, then this would solve my problem.

One way or another, I'd like to get the subrequest's response to the client as the whole response. Is this possible, and if so, how?

Thanks in advance!

-- David
Subject Author Posted

Subrequests: returning response to client

davidjb April 18, 2013 12:55AM

Re: Subrequests: returning response to client

Maxim Dounin April 18, 2013 04:56AM

Re: Subrequests: returning response to client

davidjb April 22, 2013 12:17AM

Re: Subrequests: returning response to client

Maxim Dounin April 22, 2013 12:16PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 81
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 214 on March 20, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready