nginx - prevent caching of authorization information

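I am using nginx as a reverse proxy for my ASP.NET Core web application. I am using the spnego module for nginx to support Windows Integrated Authentication. It works, but if the user enters the wrong credentials, they are not prompted for credentials again; instead, the server sends the response "401 Authorization Required". How can I fix this?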

nginx config:
server {
    listen       80;
    server_name  irm-nginx.irm.local;
    auth_gss on;
    auth_gss_realm IRM.LOCAL;
    auth_gss_format_full on;
    auth_gss_keytab /etc/nginx/user.keytab;
    auth_gss_service_name HTTP/irm-nginx.irm.local;

    location / {
        #root   /usr/share/nginx/html;
        #index  index.html index.htm;
        proxy_pass http://irmweb:80;
        proxy_http_version  1.1;
        proxy_cache_bypass  $http_upgrade;
        proxy_set_header Upgrade        $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host  $host;
        proxy_set_header X-Forwarded-Port  $server_port;
        proxy_set_header X-Forwarded-User $remote_user;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

Answer 1

You can use a variable and a few checks to bypass the cache for POST requests or on certain pages. For example:

In your server block:

# Caching
set $skip_cache 0;

# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
  set $skip_cache 1;
}
if ($query_string != "") {
  set $skip_cache 1;
}

# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
  set $skip_cache 1;
}

Then add the following to the location block where caching is enabled:

fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;

The example above is for WordPress, but you can adapt it for your application.
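
The same bypass pattern adapted to the question's proxy_pass setup, keyed on the Authorization header instead of WordPress URLs. This is an added example, not part of the original question or answer; it assumes a proxy cache is enabled, and the zone name app_cache and its path are hypothetical.

```nginx
# Added example; not the asker's or the answerer's configuration.
# Assumed (hypothetical): cache zone "app_cache" and its directory.

# --- http context ---
proxy_cache_path /var/cache/nginx/app keys_zone=app_cache:10m;

# $skip_cache is 1 when the request carries credentials
# (e.g. "Authorization: Negotiate ..."), 0 when the header is absent.
map $http_authorization $skip_cache {
    default 1;
    ""      0;
}

server {
    listen      80;
    server_name irm-nginx.irm.local;    # from the question

    # The auth_gss_* directives from the question go here unchanged.

    location / {
        proxy_pass  http://irmweb:80;   # from the question
        proxy_cache app_cache;
        proxy_cache_valid 200 10m;      # example lifetime, adjust as needed

        # The default cache key ($scheme$proxy_host$request_uri) does not
        # include the Authorization header, so without the two lines below
        # one user's response could be served to another user.

        # Do not answer a request with credentials from the cache ...
        proxy_cache_bypass $skip_cache;
        # ... and do not store the response to such a request.
        proxy_no_cache     $skip_cache;
    }
}
```

proxy_cache_bypass and proxy_no_cache are the proxy-module counterparts of the fastcgi_* directives in the answer; both take effect when the value is non-empty and not "0".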
