CERBERUS/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2026-05-13 09:36:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Support 407 code in "satisfy any" and "auth_delay"

Browse source 
Notably, "auth_delay" now delays the response for both 401 and 407.
Also, in the "satisfy any" mode, the next access/auth attempt is made
for 401, 403 and 407.
This commit is contained in:
Roman Arutyunyan 2026-05-07 14:08:25 +04:00 committed by Roman Arutyunyan
parent 4e9289e51a
commit 631bfa194d
1 changed files with 24 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/http/ngx_http_core_module.c
View file

@ -1155,8 +1155,13 @@ ngx_http_core_access_phase(ngx_http_request_t *r, ngx_http_phase_handler_t *ph)
return NGX_AGAIN;
}
if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) {
if (r->access_code != NGX_HTTP_UNAUTHORIZED) {
if (rc == NGX_HTTP_FORBIDDEN
|| rc == NGX_HTTP_UNAUTHORIZED
|| rc == NGX_HTTP_PROXY_AUTH_REQUIRED)
{
if (r->access_code != NGX_HTTP_UNAUTHORIZED
&& r->access_code != NGX_HTTP_PROXY_AUTH_REQUIRED)
{
r->access_code = rc;
}
@ -1167,7 +1172,8 @@ ngx_http_core_access_phase(ngx_http_request_t *r, ngx_http_phase_handler_t *ph)
/* rc == NGX_ERROR || rc == NGX_HTTP_... */
if (rc == NGX_HTTP_UNAUTHORIZED) {
if (rc == NGX_HTTP_UNAUTHORIZED || rc == NGX_HTTP_PROXY_AUTH_REQUIRED) {
r->access_code = rc;
return ngx_http_core_auth_delay(r);
}
@ -1188,17 +1194,19 @@ ngx_http_core_post_access_phase(ngx_http_request_t *r,
access_code = r->access_code;
if (access_code) {
r->access_code = 0;
if (access_code == NGX_HTTP_FORBIDDEN) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"access forbidden by rule");
}
if (access_code == NGX_HTTP_UNAUTHORIZED) {
if (access_code == NGX_HTTP_UNAUTHORIZED
|| access_code == NGX_HTTP_PROXY_AUTH_REQUIRED)
{
return ngx_http_core_auth_delay(r);
}
r->access_code = 0;
ngx_http_finalize_request(r, access_code);
return NGX_OK;
}
@ -1211,12 +1219,16 @@ ngx_http_core_post_access_phase(ngx_http_request_t *r,
static ngx_int_t
ngx_http_core_auth_delay(ngx_http_request_t *r)
{
ngx_int_t access_code;
ngx_http_core_loc_conf_t *clcf;
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
if (clcf->auth_delay == 0) {
ngx_http_finalize_request(r, NGX_HTTP_UNAUTHORIZED);
access_code = r->access_code;
r->access_code = 0;
ngx_http_finalize_request(r, access_code);
return NGX_OK;
}
@ -1252,6 +1264,7 @@ ngx_http_core_auth_delay(ngx_http_request_t *r)
static void
ngx_http_core_auth_delay_handler(ngx_http_request_t *r)
{
ngx_int_t access_code;
ngx_event_t *wev;
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@ -1268,7 +1281,10 @@ ngx_http_core_auth_delay_handler(ngx_http_request_t *r)
return;
}
ngx_http_finalize_request(r, NGX_HTTP_UNAUTHORIZED);
access_code = r->access_code;
r->access_code = 0;
ngx_http_finalize_request(r, access_code);
}