Skip to content



mod_auth_request supports sending request to the specified service for authentication.

Module Configuration



Config Item Description
Basic.DataPath String
Path of rule configuration
Basic.AuthAddress String
Address of authentication service
Basic.AuthTimeout Number
Timeout for authentication
Log.OpenDebug Boolean
Whether enable debug log
Default False


DataPath = mod_auth_request/
AuthAddress =
AuthTimeout = 100

OpenDebug = false

Rule Configuration


Config Item Description
Version String
Version of config file
Config Object
Request auth rules for each product
Config{k} String
Product name
Config{v} Object
A list of request auth rules
Config{v}[] Object
A request auth rule
Config{v}[].Cond String
Condition expression, See Condition
Config{v}[].Enable Boolean
Whether enable request auth rule


    "Config": {
        "example_product": [
                "Cond": "req_path_in(\"/auth_request\", false)",
                "Enable": true
    Version": "20190101000000"

For example_product, for request to path /auth_request (e.g.,, BFE will create a request and send it to for authentication.


Action Condition
Forbid Response status code is 401 or 403
Pass Response status code is 200 or other


Metric Description
AUTH_REQUEST_CHECKED Counter for checked request
AUTH_REQUEST_PASS Counter for passed request
AUTH_REQUEST_FORBIDDEN Counter for forbidden request
AUTH_REQUEST_UNAUTHORIZED Counter for unauthorized request
AUTH_REQUEST_FAIL Counter for failed request
AUTH_REQUEST_UNCERTAIN Counter for uncertain request

Illustration of how BFE create auth request

  • Method: Request Method of HTTP Request created by BFE is GET
  • Header: The request header created by the BFE is originated from the original request, but BFE makes following changes to the request:
  • Delete following headers: Content-Length/Connection/Keep-Alive/Proxy-Authenticate/Proxy-Authorization/Te/Trailers/Transfer-Encoding/Upgrade
  • Add following headers: X-Forwarded-Method(Original Request Method)、X-Forwarded-Uri(Original Request URI)
  • Body: Body of HTTP Request created by BFE is null