Skip to content

edit to introduction, add new response codes section #509

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 6, 2025
Merged

edit to introduction, add new response codes section #509

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
87a9bcd
edits to introduction, added new response codes section
rydiaroads May 4, 2025
b10bef4
Apply suggestions from code review
mjang May 6, 2025
f0f96f3
Merge branch 'main' into main
mjang May 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions ...nt/nginx/admin-guide/security-controls/configuring-subrequest-authentication.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,14 @@ type:
<span id="intro"></span>
## Introduction

NGINX and F5 NGINX Plus can authenticate each request to your website with an external server or service. To perform authentication, NGINX makes an HTTP subrequest to an external server where the subrequest is verified. If the subrequest returns a `2xx` response code, the access is allowed, if it returns `401` or `403`, the access is denied. Such type of authentication allows implementing various authentication schemes, such as multifactor authentication, or allows implementing LDAP or OAuth authentication.
NGINX and F5 NGINX Plus can authenticate each request to your website with an external server or service. To perform authentication, NGINX makes an HTTP subrequest to an external server where it is verified. Such type of authentication allows implementing various authentication schemes, such as multifactor authentication, or allows implementing LDAP or OAuth authentication.

## Response Codes

Subrequest Response Codes:

- 2xx - access is allowed
- 401, 403 - access is denied

## Prerequisites

Expand All @@ -30,7 +37,7 @@ NGINX and F5 NGINX Plus can authenticate each request to your website with an ex

Skip this step for NGINX Plus as it already includes the auth_request module.

2. In the location that requires request authentication, specify the [auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request) directive in which specify an internal location where an authorization subrequest will be forwarded to:
2. In the location that requires request authentication, specify the [auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request) directive and specify an internal location where an authorization subrequest will be forwarded to:

```nginx
location /private/ {
Expand All @@ -51,7 +58,7 @@ NGINX and F5 NGINX Plus can authenticate each request to your website with an ex
}
```

4. As the request body is discarded for authentication subrequests, you will need to set the [proxy_pass_request_body](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_body) directive to `off` and also set the `Content-Length` header to a null string:
4. As the request body is discarded for authentication subrequests, set the [proxy_pass_request_body](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_body) directive to `off` and also set the `Content-Length` header to a null string:

```nginx
location = /auth {
Expand Down