Hmm, I notice this from the map documentation:
> Since variables are evaluated only when they are used, the mere declaration even of a large number of “map” variables does not add any extra costs to request processing.
Here is what I suspect:
1) The limit_req directive is being processed before the auth subrequest
2) Therefore, when the limit_req is present, the mapped variables are empty since the header from the auth request is not present. But when limit_req is removed, the mapped variables are evaluated by the access_log, which happens after the auth subrequest has been made.
Can anyone kindly confirm or reject this theory?
Thanks again,
Jared