#801 closed defect (invalid)
auth_request and PUT/POST problems
| Reported by: | Florin Asăvoaie | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.8.x |
| Keywords: | Cc: | ||
| uname -a: | Linux XXX 2.6.32-431.23.3.el6.x86_64 #1 SMP Wed Jul 16 06:12:23 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.8.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --add-module=/home/rpmbuild/rpmbuild/BUILD/naxsi-0.54rc3/naxsi_src --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_auth_request_module --with-http_geoip_module --with-file-aio --with-http_spdy_module --without-http_fastcgi_module --without-http_scgi_module --without-http_uwsgi_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' |
||
Description
I have the following configuration:
location /myapp {
auth_request /auth;
proxy_pass http://some-upstream;
}
location = /auth {
proxy_method GET;
proxy_pass_request_body off;
proxy_pass_request_headers off;
if ($cookie_auth) {
set $app_auth "Token $cookie_auth";
}
if ($http_authorize) {
set $app_auth $http_authorize;
}
proxy_set_header Authorize $app_auth;
proxy_set_header Host $host;
proxy_set_header Content-Length "";
proxy_cache proxyCacheAuth;
proxy_cache_key $remote_addr$host$app_auth;
proxy_cache_valid any 15m;
proxy_pass http://authupstream/random/url;
}
For some reasons, the subrequest for auth_request is being done and cached correctly and everything works fine with normal GET requests. However, when there is a POST or PUT request with some body, after the subrequest finishes, there is no request made to the upstream of the first location.
Attachments (1)
Change History (5)
comment:1 by , 9 years ago
by , 9 years ago
| Attachment: | debuglog.txt added |
|---|
comment:2 by , 9 years ago
I added the debug log. What I think that is strange in it is that, at least to my understanding, it tries to continue the main request even if it gets something other than 200 as HTTP code on the subrequest. What I can tell is that any POST/PUT request hangs no matter what the subrequest response is.
The only module we have compiled in is naxsi but it is not enabled for those locations. The debug log does not say anything about trying to call it either. We'll make a rebuild of nginx without that module in a bit and see if anything changes.
comment:3 by , 9 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
From the debug log it looks like a 3rd party module have read a request body in the rewrite phase (not something normally done, the body is expected to be read only at content phase), and failed to properly restore request handlers after this. That is, it's a naxsi bug.
The configuration snippet you've provided works fine here, and we also have automated tests to check
auth_requestagainst POST requests with bodies. The problem you are seeing may be related to some edge case or may be introduced by 3rd party modules you are using.Please try to reproduce the problem without any 3rd party modules / patches. If you'll be able to, please provide a debug log with a failed request.