how to Add $request_uri to auth_request module?

Question

Here is my nginx config file:

location ~* ^/admin-panel/rest/(.*) {
    auth_request        /admin/admin_authentication/check_access?url=$request_uri;

    proxy_set_header    Host        $host;
    proxy_set_header    X-Real-IP   $remote_addr;

    resolver 127.0.0.11 ipv6=off;

    proxy_pass        http://nginx:8000/$1$is_args$args;
}

I want to send $request_uri as a GET parameter to my authentication service. but i get errors like this:

2019/06/23 06:30:07 [error] 6#6: *5 auth request unexpected status: 
404 while sending to client, client: 192.168.224.1, server: , request: 
"POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
2019/06/23 06:30:07 [error] 6#6: *8 auth request unexpected status: 
404 while sending to client, client: 192.168.224.1, server: , request: 
"POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
2019/06/23 06:31:56 [error] 6#6: *1 auth request unexpected status: 
404 while sending to client, client: 192.168.224.1, server: , request: 
"POST /admin-panel/rest/update HTTP/1.1", host: "localhost"
2019/06/23 06:31:57 [error] 6#6: *3 auth request unexpected status: 
404 while sending to client, client: 192.168.224.1, server: , request: 
"POST /admin-panel/rest/update HTTP/1.1", host: "localhost"

when I remove ?url=$request_uri section in auth_request, everything works fine

Maybe you can use `set_by_lua` to create the URI argument for `auth_request`. — Mohsenasm, Jun 23 '19 at 07:36

score 3 · Accepted Answer · answered Jul 14 '19 at 12:28

By using lua-nginx-module (or openresty docker image), You can use access_by_lua_block instead of auth_request like this:

location ~* ^/admin-panel/rest/(.*) {
    access_by_lua_block {
        local res = ngx.location.capture("/admin/admin_authentication/check_access?url=" .. ngx.var.request_uri)

        if res.status == ngx.HTTP_OK then
            return
        end

        if res.status == ngx.HTTP_FORBIDDEN then
            ngx.exit(res.status)
        end

        ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
    }

    proxy_set_header    Host        $host;
    proxy_set_header    X-Real-IP   $remote_addr;

    resolver 127.0.0.11 ipv6=off;

    proxy_pass        http://nginx:8000/$1$is_args$args;
}

Actually, This code implements auth_request with access_by_lua_block and create URL with Lua concatenation operator ...

how to Add $request_uri to auth_request module?

1 Answers1