$uid_reset
The $uid_reset variable indicates whether the UID of a request should be reset based on access control rules. — NGINX Core (HTTP)
Description
The $uid_reset variable is used in the context of access control within the NGINX server. It primarily serves to manage and control the resetting of user identifiers (UIDs) for incoming connections based on defined access rules. The variable is set to '1' when a request is denied based on matching access control criteria, such as IP address blocks defined by 'allow' and 'deny' directives. If the request is allowed, $uid_reset remains '0'. This behavior is crucial for applications that require logic to depend on whether a user connection has been denied, allowing customized responses or logging mechanisms to be implemented based on this state. The actual setting of the variable happens during the execution of the access module, particularly in the context of handling incoming requests. Specifically, if a rule explicitly denies access due to a certain condition, NGINX will update the $uid_reset variable to reflect this denial. Therefore, users of this variable in their configurations can use it to conditionally execute directives or to record specific cases when a user's UID is reset as a part of the access control logic, hence reinforcing security and management of access privileges effectively.
Config Example
http {
server {
location / {
allow 192.168.1.0/24;
deny all;
if ($uid_reset) {
return 403;
}
proxy_pass http://backend;
}
}
}Subsystem
httpCacheable
YesContexts
http, server, location, ifEnsure that the access rules are defined properly, as misconfiguration may lead to unexpected results in UID resetting.
Using this variable in contexts other than if may lead to unexpected behaviors since it's best suited for access control scenarios.