Return response from FasctCGI to nginx

Question

I am a FastCGI noob and i am facing a problem and some questions that i can't find any answers for, what I am trying to do is using FastCGI to process url credentials and either approve or deny for example this is the url. http://mydomain/myalias/image.jpg?key=ttttttttt

What I want to do is send the key argument to the fastCGI to do some processing and return to nginx either 200(OK) to serve the file or 403 (forbidden). here is my nginx configuration:

location /my_location/ {
    root   /var/www/html;
    index  index.html index.htm;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_param  SCRIPT_FILENAME  /etc/nginx/conf.d/process_request.php;
    fastcgi_param  QUERY_STRING $uri;
    fastcgi_param  KEY_VALUE $arg_key;
    include /etc/nginx/fastcgi_params;
}

And in my process_request.php file i can successfully read the KEY_VALUE using this:

$_SERVER['KEY_VALUE'];

What I want is to return response to nginx what I was trying is:

header("Status: 200 OK");

or

header("Status: 403 forbidden");

But the problem is it return a blank page with response code 200 or 403 Only without showing my image the browser. So what I am missing, I want to display the image when code is 200 ?

score 4 · Answer 1 · answered Nov 23 '15 at 13:55

Nginx has a feature that does exactly what you want and does not tie PHP up with serving static files.

auth_request

The ngx_http_auth_request_module module (1.5.4+) implements client authorization based on the result of a subrequest. If the subrequest returns a 2xx response code, the access is allowed. If it returns 401 or 403, the access is denied with the corresponding error code. Any other response code returned by the subrequest is considered an error.

Your config would look something like:

location /my_location/ {
  auth_request /access/auth;
  root   /var/www/html;
  index  index.html index.htm;
}

location /access/auth {
  fastcgi_pass   127.0.0.1:9000;
  fastcgi_param  SCRIPT_FILENAME  /etc/nginx/conf.d/process_request.php;
  fastcgi_param  QUERY_STRING $uri;
  fastcgi_param  KEY_VALUE $arg_key;
  include /etc/nginx/fastcgi_params;
}

In this scenario, your PHP script would just return 200 for authenticated, otherwise any other code (403) would return forbidden. You can also customise the 403 response appearance using something like error_page 403 = /forbidden.html

If PHP returns 200, then Nginx will allow the original request to continue and serve the image or other content directly from disk along with the correct headers for the image.

thank you, I've tried this but I have a problem that the fastcgi_param are passed empty to the php script. Is there a way to pass the get parameter to auth/request ? — Yasmin Reda, Nov 23 '15 at 20:01
I fixed it sending the entire uri then parsing the parameters from it in the php script fastcgi_param QUERY_STRING $request_uri; Thank You — Yasmin Reda, Nov 24 '15 at 09:26

score 2 · Accepted Answer · edited May 23 '17 at 11:51

2

Incase of response 200, you have to return the image instead of returning the status.

you can return the image this way : Return a PHP page as an image.

edited May 23 '17 at 11:51

Community

1
1

answered Nov 23 '15 at 12:14

Amr Magdy

1,710
11
13

Return response from FasctCGI to nginx

2 Answers2