Answer the question
In order to leave comments, you need to log in
How to make auth_request on SSI in Nginx?
There is an html page of the article available to everyone. It is necessary to show the "Edit" link on it, which is available only to some users.
From the article (test1.html) I connect the link (test2.html) via SSI, but for some reason the rights to it are not checked. When directly accessed from the browser, they are checked. How to force to check at SSI?
test1.html (article)
test1
<!--# include file="/test2.html" -->
test2
server {
ssi on;
location = /test1.html {
}
location = /test2.html {
auth_request /test_auth;
}
location = /test_auth {
return 403;
}
# ...
}
test1
test2
test1
<403>
<403>
Answer the question
In order to leave comments, you need to log in
I'll answer myself.
Access control modules (such as auth_basic, access and auth_request) do not check subrequests.
It is assumed that all necessary rights were checked during the processing of the main request.
--
Maxim Dounin
nginx.org
So I did this:
test1.html
test1 <!--# block name="empty" --><!--# endblock --> <!--# include file="/test2.html" stub="empty" -->
Config:map $cookie_user_id:$request_uri $allow { default 0; 1234:/path/page1.html 1; 4567:/path/page1.html 1; } server { ssi on; location = /test1.html { } location = /test2.html { internal; if ($allow = 0) { return 403; } } }
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question