I'm setting up an auth-before-proxy_pass config.

The following works now:

        location / {
                root /dev/null;
                auth_basic "Restricted Remote";
                auth_basic_user_file
                /data/etc/security/auth/passwd.basic;
                proxy_pass        https://mail-secure;
                proxy_set_header  Host $host:12345;
                proxy_set_header  X-Real-IP $remote_addr;
                proxy_set_header  X-Forwarded-For
                $proxy_add_x_forwarded_for;
        }

Now, if a visitor:

        (1) enters bad (or no) credentials
        (2) clicks "Cancel" on the BASIC auth dialog box

the site displays a

        "401 Authorization Required"

page.

Instead, I want to add a rewrite on failed authorization.

If I try:

        location / {
                root /dev/null;
                auth_basic "Restricted Remote";
                auth_basic_user_file
                /data/etc/security/auth/passwd.basic;
+               error_page 401 = @redirect;
                proxy_pass        https://mail-secure;
                proxy_set_header  Host $host:12345;
                proxy_set_header  X-Real-IP $remote_addr;
                proxy_set_header  X-Forwarded-For
                $proxy_add_x_forwarded_for;
        }

+       location @redirect {
+               rewrite ^(.*)$ http://someothersite.com permanent;
+       }

I get the redirect on EVERY visit -- never even getting the chance to
enter credentials; i.e., the rewrite happens apparently BEFORE the auth
step.

I think this may be because:

        @
        http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error

                401 Unauthorized: Similar to 403 Forbidden, but
                specifically for use when authentication is required and
                has failed or **HAS NOT YET BEEN PROVIDED**.[2] The
                response must include a WWW-Authenticate header field
                containing a challenge applicable to the requested
                resource. See Basic access authentication and Digest
                access authentication.

and that I may have to do the @redirect only if some header says "failed".

How do I redirect ONLY if there's been a failed AUTH?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
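
The distinction the question turns on, as an added example that is not part of the original post and is not nginx code: both "no credentials yet" and "credentials rejected" produce a 401, and what separates them on the server side is whether the request carried an Authorization header. The names `USERS`, `parse_basic` and `decide` and the SHA-256 user store are assumptions made for this illustration (a real htpasswd file uses other hash formats).

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample user store (not an htpasswd file):
# username -> SHA-256 hex digest of the password.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def parse_basic(header):
    """Return (user, password) from an Authorization value, or None if unusable."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None


def decide(headers, users=USERS):
    """Classify one request as 'challenge', 'failed' or 'ok'.

    'challenge': no Authorization header (first visit); answer 401 with
                 WWW-Authenticate so the browser can show its dialog.
    'failed':    an Authorization header was sent but is malformed or wrong;
                 this is the only case where a redirect would be appropriate.
    'ok':        credentials verified; pass the request upstream.
    Clicking "Cancel" sends no new request: the browser just renders the
    body of the 401 it already received, so it never reaches this function.
    """
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    header = lowered.get("authorization")
    if header is None:
        return "challenge"
    creds = parse_basic(header)
    if creds is None:
        return "failed"
    user, password = creds
    expected = users.get(user, "")  # unknown user compares against "" and fails
    supplied = hashlib.sha256(password.encode("utf-8")).hexdigest()
    return "ok" if hmac.compare_digest(expected, supplied) else "failed"
```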
