Nginx auth_request 处理程序访问 POST 请求正文? [英] Nginx auth_request handler accessing POST request body?

问题描述

我使用 Nginx(1.9.9 版)作为后端服务器的反向代理.它需要根据POST请求的内容进行认证/授权.我在我的 auth_request 处理程序中读取 POST 请求正文时遇到问题.这是我得到的.

I'm using Nginx (version 1.9.9) as a reverse proxy to my backend server. It needs to perform authentication/authorization based on the contents of the POST requests. And I'm having trouble reading the POST request body in my auth_request handler. Here's what I got.

Nginx 配置(相关部分):

Nginx configuration (relevant part):

server {
    location / {
        auth_request /auth-proxy;
        proxy_pass http://backend/;
    }

    location = /auth-proxy {
        internal;
        proxy_pass http://auth-server/;
        proxy_pass_request_body on;
        proxy_no_cache "1";
    }
}

在我的身份验证服务器代码(Python 2.7)中，我尝试像这样读取请求正文:

And in my auth-server code (Python 2.7), I try to read the request body like this:

class AuthHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def get_request_body(self):
        content_len = int(self.headers.getheader('content-length', 0))
        content = self.rfile.read(content_len)
        return content

我打印了 content_len 并且它有正确的值.但是， self.rfile.read() 只会挂起.最终它会超时并返回[Errno 32] Broken pipe".

I printed out the content_len and it had the correct value. However, the self.rfile.read() will simply hang. And eventually it will time out and returns "[Errno 32] Broken pipe".

这是我将测试数据发布到服务器的方式:

This is how I posted test data to the server:

$ curl --data '12345678' localhost:1234

上述命令也挂起并最终超时并打印正在关闭连接 0".

The above command hangs as well and eventually times out and prints "Closing connection 0".

我在做什么有什么明显的错误吗?

Any obvious mistakes in what I'm doing?

非常感谢！

推荐答案

nginx-auth-request-module的代码为在 nginx.com 上注释.该模块始终用空缓冲区替换 POST 正文.

The code of the nginx-auth-request-module is annotated at nginx.com. The module always replaces the POST body with an empty buffer.

在其中一个教程中，他们解释原因，说明:

In one of the tutorials, they explain the reason, stating:

由于请求正文被丢弃用于身份验证子请求，您将需要将 proxy_pass_request_body 指令设置为 off 并设置Content-Length 头为空字符串

As the request body is discarded for authentication subrequests, you will need to set the proxy_pass_request_body directive to off and also set the Content-Length header to a null string

这样做的原因是身份验证子请求是通过 HTTP GET 方法发送的，而不是 POST.由于 GET 没有正文，因此丢弃正文.现有模块的唯一解决方法是从请求正文中提取所需信息并将其放入传递给身份验证服务的 HTTP 标头中.

The reason for this is that auth subrequests are sent at HTTP GET methods, not POST. Since GET has no body, the body is discarded. The only workaround with the existing module would be to pull the needed information from the request body and put it into an HTTP header that is passed to the auth service.

这篇关于Nginx auth_request 处理程序访问 POST 请求正文?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！