# ngx\_http\_auth\_request\_module

* [示例配置](#example_configuration)
* [指令](#directives)
  * [auth\_request](#auth_request)
  * [auth\_request\_set](#auth_request_set)

`ngx_http_auth_request_module` 模块（1.5.4+）基于子请求结果实现客户端授权。如果子请求返回一个 2xx 响应代码，则允许访问。如果返回 401 或 403，则拒绝访问并抛出相应的错误代码。子请求返回的任何其他响应代码被认为是一个错误。

对于 401 错误，客户端也从子请求响应中接收 **WWW-Authenticate** 头。

该模块不是默认构建，应该在构建时使用 `--with-http_auth_request_module` 配置参数启用。

该模块可以通过 [satisfy](https://docshome.gitbook.io/nginx-docs/he-xin-gong-neng/ngx_http_core_module#satisfy) 指令与其他访问模块（如 [ngx\_http\_access\_module](https://docshome.gitbook.io/nginx-docs/he-xin-gong-neng/http/ngx_http_access_module)、[ngx\_http\_auth\_basic\_module](https://docshome.gitbook.io/nginx-docs/he-xin-gong-neng/http/ngx_http_auth_basic_module) 和 [ngx\_http\_auth\_jwt\_module](https://docshome.gitbook.io/nginx-docs/he-xin-gong-neng/http/ngx_http_auth_jwt_module)）进行组合。

> 在 1.7.3 版本之前，无法缓存对授权子请求的响应（使用 [proxy\_cache](https://github.com/DocsHome/nginx-docs/tree/f6135c42a499e9fab0adb433738fcf8cd4041627/%E6%A8%A1%E5%9D%97%E5%8F%82%E8%80%83/http/ngx_http_proxy_module.html#proxy_cache)、[proxy\_store](https://github.com/DocsHome/nginx-docs/tree/f6135c42a499e9fab0adb433738fcf8cd4041627/%E6%A8%A1%E5%9D%97%E5%8F%82%E8%80%83/http/ngx_http_proxy_module.html#proxy_store) 等）。

## 示例配置 <a href="#example_configuration" id="example_configuration"></a>

```
location /private/ {
    auth_request /auth;
    ...
}

location = /auth {
    proxy_pass ...
    proxy_pass_request_body off;
    proxy_set_header Content-Length "";
    proxy_set_header X-Original-URI $request_uri;
}
```

## 指令 <a href="#directives" id="directives"></a>

### auth\_request

| -       | 说明                                |
| ------- | --------------------------------- |
| **语法**  | **auth\_request** `uri` \| `off`; |
| **默认**  | auth\_request off;                |
| **上下文** | http、server、location              |

启用基于子请求结果的授权，并设置发送子请求的 URI。

### auth\_request\_set

| -       | 说明                                         |
| ------- | ------------------------------------------ |
| **语法**  | **auth\_request\_set** `$variable value;`; |
| **默认**  | ——                                         |
| **上下文** | http                                       |

在授权请求完成后，将请求 `variable`（变量）设置为给定的 `value`（值）。该值可能包含授权请求中的变量，例如 `$upstream_http_*`。

## 原文档

<http://nginx.org/en/docs/http/ngx_http_auth_request_module.html>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docshome.gitbook.io/nginx-docs/he-xin-gong-neng/http/ngx_http_auth_request_module.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.