Welcome! Log In Create A New Profile

Advanced

Re: Authorization header in combination with X-Accel-Redirect

Maxim Dounin
April 14, 2010 06:18AM
Hello!

On Wed, Apr 14, 2010 at 05:33:10AM -0400, plantian wrote:

> I have one proxy that is handling Authorization of users for
> media content. This proxy really does authorize users,
> returning 403 if they are not permitted to access a resource.
> Then I proxy to amazon s3 to a private bucket. In order to
> authenticate _myself_ I need to pass an Authorization header to
> amazon s3. The name of the header is misleading because really
> this is authentication. Is there any way to return that header
> in the response from first proxy while returning
> X-Accel-Redirect and have it passed to the second proxy?

So you don't have Authorization header in original request but
want to add it to proxied request to s3, right?

Solution is to return header content in some custom header from
you redirect script (e.g. X-Auth) and then set it in
request to s3 via proxy_set_header. Tricky part is to extract it from
$upstream_http_x_auth variable before it will be cleared by next
proxy request - this requires an extra "set".

location /files/ {
# backend which returns X-Accel-Redirect and X-Auth
# headers

proxy_pass ...
}

location /s3/ {
# proxy to s3

internal;
proxy_pass ...

set $xauth $upstream_http_x_auth;

proxy_set_header Authorization $xauth;
}

> I've tried setting Authorization in my first proxy and then
> setting proxy_pass_header Authorization in the location of the
> second proxy but it is never passed. Is there any way to do
> this?

Directive "proxy_pass_header" is to pass headers from backend to
client (make sense for headers which are normally hidden, like
X-Accel-Redirect). It has nothing to do with headers sent to
upstream servers.

> As a hack I've successfully set a query argument in
> X-Accel-Redirect that I then extract and use to set the
> Authorization header. This doesn't seem right but its working
> for some reason.

See above for better solution.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Authorization header in combination with X-Accel-Redirect

plantian April 14, 2010 05:33AM

Re: Authorization header in combination with X-Accel-Redirect

Maxim Dounin April 14, 2010 06:18AM

Re: Authorization header in combination with X-Accel-Redirect

plantian April 14, 2010 03:30PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 82
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready