Having the authentication server handling the 429_TOO_MANY_REQUESTS,
allows it to accommodate users with varying limits;
e.g. user1 is allowed 3 requests per second, and user2 is allowed 10 r/s.
The auth_request location can still specify the cache times of the responses
to whatever is wanted, like so:
location = /auth {
internal;
proxy_pass http://localhost:8888/auth;
proxy_pass_request_body off; # no need to send the POST body
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-Method $request_method;
proxy_cache AUTH;
proxy_cache_valid 200 10m;
proxy_cache_valid 401 403 1m;
proxy_cache_valid 429 1s;
proxy_cache_use_stale timeout updating http_500 http_502;
proxy_cache_lock on;
proxy_cache_key $request_method$request_uri$http_authorization;
}
# HG changeset patch
# User Anders L. V. Nicolaisen <a...@alvn.dk>
# Date 1665061111 0
# Thu Oct 06 12:58:31 2022 +0000
# Node ID 1d2e22110b6abe7476417d925cc39178c6bd7d9e
# Parent ba5cf8f73a2d0a3615565bf9545f3d65216a0530
[nginx] allowing auth_request to proxy TOO_MANY_REQUESTS
diff -r ba5cf8f73a2d -r 1d2e22110b6a
src/http/modules/ngx_http_auth_request_module.c
--- a/src/http/modules/ngx_http_auth_request_module.c Thu Sep 08 13:53:49
2022 +0400
+++ b/src/http/modules/ngx_http_auth_request_module.c Thu Oct 06 12:58:31
2022 +0000
@@ -138,6 +138,10 @@
return ctx->status;
}
+ if (ctx->status == NGX_HTTP_TOO_MANY_REQUESTS) {
+ return ctx->status;
+ }
+
if (ctx->status == NGX_HTTP_UNAUTHORIZED) {
sr = ctx->subrequest;
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org
