Re: auth_request module is sending the auth subrequest twice

Vineet Naik
March 11, 2024 01:34PM
Hi,

On Mon, 11 Mar 2024 at 19:07, Roman Arutyunyan <arut@nginx.com> wrote:

> Hi,
>
> On Mon, Mar 11, 2024 at 12:24:44PM +0530, Vineet Naik wrote:
> > Hello,
> >
> > I had sent the original email to the nginx mailing list address a week ago.
> > But I don't see it on the March 2024 archives page -
> > https://mailman.nginx.org/pipermail/nginx/2024-March/thread.html#start. I
> > am wondering if that's the case because I was not subscribed to the mailing
> > list at the time of sending the email (I have subscribed just now) or if
> > it's stuck in moderation.
> >
> > Appreciate any help.
> >
> > Thanks,
> > Vineet
> >
> > On Mon, 4 Mar 2024 at 11:52, Vineet Naik <naikvin@gmail.com> wrote:
> >
> > > Hello,
> > >
> > > I am using the auth_request module to restrict access to static files at
> > > location `/`. I noticed that when authentication is successful, the `/auth`
> > > endpoint is receiving 2 requests for every request sent to nginx by the
> > > client application. Interestingly, this only happens when the user is
> > > logged in i.e. the `/auth` endpoint responds with 200 status code.
> > > Otherwise, the auth endpoint is called only once. I have verified this by
> > > logging every incoming request to `/auth` handler in the server
> > > application.
>
> It happens because of try_files. The last try_files argument performs internal
> redirect to the specified uri. Internal redirect is almost like a new request.
> While going through its phases, auth_request is processed again.
>
> https://nginx.org/en/docs/http/ngx_http_core_module.html#try_files


This is helpful. Thanks. I'll try tweaking the config and see if this can
be avoided.

>
>
> > > I can see that the internal subrequests made by nginx to the auth endpoint
> > > are not being logged. Is there a way to enable logging for auth
> > > subrequests? How do I investigate this further?
>
> Yes, use 'log_subrequest on':
>
> https://nginx.org/en/docs/http/ngx_http_core_module.html#log_subrequest
>
> > > Nginx config for reference:
> > >
> > > server {
> > >     listen 80;
> > >     server_name spapoc.local;
> > >
> > >     access_log /var/log/nginx/spapoc.access.log main;
> > >
> > >     location ~ ^/(login|logout) {
> > >         auth_request off;
> > >         proxy_pass http://127.0.0.1:5001;
> > >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > >         proxy_set_header X-Forwarded-Proto $scheme;
> > >         proxy_set_header X-Forwarded-Host $host;
> > >         proxy_set_header X-Forwarded-Prefix /;
> > >     }
> > >
> > >     location /xhr/ {
> > >         auth_request off;
> > >         proxy_pass http://127.0.0.1:5001/;
> > >         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> > >         proxy_set_header X-Forwarded-Proto $scheme;
> > >         proxy_set_header X-Forwarded-Host $host;
> > >         proxy_set_header X-Forwarded-Prefix /;
> > >     }
> > >
> > >     location = /favicon.ico {
> > >         auth_request off;
> > >         root /home/vmadmin/spa;
> > >     }
> > >
> > >     location / {
> > >         auth_request /auth;
> > >         auth_request_set $auth_status $upstream_status;
> > >         error_page 401 = @error401;
> > >
> > >         root /home/vmadmin/spa;
> > >         try_files $uri $uri/ /index.html;
> > >     }
> > >
> > >     location = /auth {
> > >         internal;
> > >         auth_request off;
> > >         proxy_pass http://127.0.0.1:5001;
> > >         proxy_pass_request_body off;
> > >         proxy_set_header Content-Length "";
> > >         proxy_set_header X-Original-URI $request_uri;
> > >     }
> > >
> > >     location @error401 {
> > >         return 302 /login;
> > >     }
> > >
> > >     #error_page 404 /404.html;
> > >
> > >     # redirect server error pages to the static page /50x.html
> > >     #
> > >     error_page 500 502 503 504 /50x.html;
> > >     location = /50x.html {
> > >         root /usr/share/nginx/html;
> > >     }
> > > }
> > >
> > > --
> > > Thanks,
> > > Vineet
> > >
> > >
> >
> > --
> > ~ Vineet
>
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > https://mailman.nginx.org/mailman/listinfo/nginx
>
> --
> Roman Arutyunyan


--
~ Vineet
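
One way to confirm the duplicate auth subrequest from the access log once `log_subrequest on` is set, as an added example that is not part of the original thread. It assumes a custom `log_format` of `$request_id "$request" $uri $status` in which a subrequest carries the same `$request_id` and `$request` as its parent; that format, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log_format (not from the thread): '$request_id "$request" $uri $status'
# With log_subrequest on, a subrequest is logged with its own $uri; this sketch
# assumes $request_id and $request are the same as on the parent request.
LINE = re.compile(
    r'^(?P<rid>\S+) "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<uri>\S+) (?P<status>\d{3})$')

# Constructed sample lines, not captured from a real server.
SAMPLE_LOG = """\
a1 "GET /dashboard HTTP/1.1" /auth 200
a1 "GET /dashboard HTTP/1.1" /auth 200
a1 "GET /dashboard HTTP/1.1" /index.html 200
b2 "GET /app.js HTTP/1.1" /auth 200
b2 "GET /app.js HTTP/1.1" /app.js 200
c3 "GET /dashboard HTTP/1.1" /auth 401
c3 "GET /dashboard HTTP/1.1" /dashboard 302
not a log line
"""

def summarize(log_text, auth_uri="/auth"):
    """Group lines by request id; collect auth statuses and the final $uri."""
    by_id = defaultdict(lambda: {"target": None, "auth": [], "final_uri": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        entry = by_id[m["rid"]]
        entry["target"] = m["target"].split("?", 1)[0]  # path the client asked for
        if m["uri"] == auth_uri:
            entry["auth"].append(int(m["status"]))      # auth subrequest line
        else:
            entry["final_uri"] = m["uri"]               # main request line
    return dict(by_id)

def repeated_auth(log_text, auth_uri="/auth"):
    """Return {request_id: (auth_count, internally_redirected)} where count > 1."""
    out = {}
    for rid, e in summarize(log_text, auth_uri).items():
        if len(e["auth"]) > 1:
            redirected = e["final_uri"] is not None and e["final_uri"] != e["target"]
            out[rid] = (len(e["auth"]), redirected)
    return out

if __name__ == "__main__":
    for rid, (count, redirected) in repeated_auth(SAMPLE_LOG).items():
        print(f"{rid}: {count} auth subrequests, internal redirect: {redirected}")
```

A request whose final `$uri` differs from the path in `$request` was internally redirected, which is the `try_files` fallback case described in the reply above.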