Hello!
On Mon, Dec 24, 2018 at 03:38:00AM +0800, 洪志道 wrote:
> Hi.
>
> I'm wondering the reason of ignoring subrequests in access phase hander.
> Can anyone explain it to me?
>
> 1069 ngx_int_t
> 1070 ngx_http_core_access_phase(ngx_http_request_t *r,
> ngx_http_phase_handler_t *ph)
> 1071 {
> 1072 ngx_int_t rc;
> 1073 ngx_http_core_loc_conf_t *clcf;
> 1074
> 1075 if (r != r->main) {
> 1076 r->phase_handler = ph->next;
> 1077 return NGX_AGAIN;
> 1078 }
> 1079
Access checks are expected to apply to the main request, but make
little to no sense for subrequests. E.g., if you are using
IP-based restrictions or Basic HTTP authentication, both are
exactly identical for the main request and subrequests. As such,
it is enough to do the checks for the main request only, and this
is what nginx does.
Note that it implies that access restrictions configured for the
main requests are expected to be enough for all subrequests it can
initiate.
--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
