Anyone have any thoughts? Even if it's just to say "this isn't possible". Cheers, Davidby davidjb - Nginx Mailing List - English
I'm working on an authentication module for nginx, namely the Shibboleth auth module (https://github.com/nginx-shib/nginx-http-shibboleth). This module is based off the core nginx auth_request module (https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_auth_request_module.c). The original module allows a sub-request to determine whether to grant or deny access to a nginx locatioby davidjb - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > For me it doesn't looks like what you do actually matches FastCGI > Authorizer specification. Even if we ignore the fact that body > isn't handled properly, and authorizer mode isn't advertized to > FastCGI. > > Most of the code in the patch seems to be dedicated to special > processingby davidjb - Nginx Mailing List - English
I've written an additional feature into the Auth Request module (from http://mdounin.ru/hg/ngx_http_auth_request_module/) that allows a user to control the behaviour of the auth_request in such a way that it can act as a FastCGI authorizer. This patch that I have written allows the user to specify the flag "authorizer=on" against a call to "auth_request" (eg "auth_requestby davidjb - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > What you are trying to do should be possible with > NGX_HTTP_SUBREQUEST_IN_MEMORY - this way subrequest body will be > available in memory instead of being sent to a client. But it's > not currently supported for fastcgi. Thanks for the clarification and your reply. I've taken to ignoring requby davidjb - Nginx Mailing List - English
I'm currently looking to extend the 'Auth Request' (http://mdounin.ru/hg/ngx_http_auth_request_module/) Nginx add-on module and have the module be able to conform (at least wherever possible) to the FastCGI "Authorizer" specification. The full specification is at http://www.fastcgi.com/drupal/node/22#S6.3 - the idea being the configured authorizer should be hit with a sub-request, and ifby davidjb - Nginx Mailing List - English