Hi,
I appreciate this isn't technically related to Phalcon, but I'm hoping someone here might know the answer to this.
I've implemented auth_request
for a set of micro services I'm currently building and very much like this feature.
I am, however, having a bit of an issue with specifying what calls need the auth request based on the request method.
For example, I need to try and set up the following:
- GET /object - NO auth needed
- POST /object - auth needed
- PATCH /object - auth needed
I've normalised the endpoints for the sake of this example and there are more endpoints but this should be enough to explain the scenario.
I currently have the following:
location /object {
auth_request /auth;
auth_request_set $auth $upstream_http_x_auth;
proxy_pass https://object; # an upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Auth $auth;
proxy_set_header Host $http_host;
}
I tried using an IF statement but got errors because of auth_request
not being allowed there.
How can I make it so that the GET request doesn't go through the auth request?
Thanks, Gary