Skip to content

Commit 76b9424

Browse files
rydiaroadsmjang
rydiaroads
and
mjang
authored
edit to introduction, add new response codes section (#509)
* edits to introduction, added new response codes section * Apply suggestions from code review --------- Co-authored-by: Mike Jang <[email protected]>
1 parent 63f5490 commit 76b9424

File tree

1 file changed

+10
-3
lines changed

1 file changed

+10
-3
lines changed

content/nginx/admin-guide/security-controls/configuring-subrequest-authentication.md

+10-3
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,14 @@ type:
1212
<span id="intro"></span>
1313
## Introduction
1414

15-
NGINX and F5 NGINX Plus can authenticate each request to your website with an external server or service. To perform authentication, NGINX makes an HTTP subrequest to an external server where the subrequest is verified. If the subrequest returns a `2xx` response code, the access is allowed, if it returns `401` or `403`, the access is denied. Such type of authentication allows implementing various authentication schemes, such as multifactor authentication, or allows implementing LDAP or OAuth authentication.
15+
NGINX and F5 NGINX Plus can authenticate each request to your website with an external server or service. To perform authentication, NGINX makes an HTTP subrequest to an external server where it is verified. Such type of authentication allows implementing various authentication schemes, such as multifactor authentication, or allows implementing LDAP or OAuth authentication.
16+
17+
## Response Codes
18+
19+
Subrequest Response Codes:
20+
21+
- 2xx - access is allowed
22+
- 401, 403 - access is denied
1623

1724
## Prerequisites
1825

@@ -30,7 +37,7 @@ NGINX and F5 NGINX Plus can authenticate each request to your website with an ex
3037
3138
Skip this step for NGINX Plus as it already includes the auth_request module.
3239
33-
2. In the location that requires request authentication, specify the [auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request) directive in which specify an internal location where an authorization subrequest will be forwarded to:
40+
2. In the location that requires request authentication, specify the [auth_request](https://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request) directive and specify an internal location where an authorization subrequest will be forwarded to:
3441
3542
```nginx
3643
location /private/ {
@@ -51,7 +58,7 @@ NGINX and F5 NGINX Plus can authenticate each request to your website with an ex
5158
}
5259
```
5360
54-
4. As the request body is discarded for authentication subrequests, you will need to set the [proxy_pass_request_body](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_body) directive to `off` and also set the `Content-Length` header to a null string:
61+
4. As the request body is discarded for authentication subrequests, set the [proxy_pass_request_body](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_request_body) directive to `off` and also set the `Content-Length` header to a null string:
5562
5663
```nginx
5764
location = /auth {

0 commit comments

Comments
 (0)