Hi all,
I have a location directive with basic auth in it.
location / {
auth_basic "Admin Login";
auth_basic_user_file /etc/nginx/.htpasswd;
How do I specify a rule such that the basic auth is applied only to
external IPs and not to 127.0.0.x, 192.0.x & 10.0.x?
I run Jenkins from a sub-domain and my git post-commit-hook needs to hit
a
URL under this location directive to trigger continuous integration. But
this Jenkins cannot handle basic auth that blocks the URL submit.
-Quintin
On 15 Fev 2012 04h33 WET, [email protected] wrote:
Hi all,
I have a location directive with basic auth in it.
location / {
auth_basic “Admin Login”;
auth_basic_user_file /etc/nginx/.htpasswd;
}
How do I specify a rule such that the basic auth is applied only to
external IPs and not to 127.0.0.x, 192.0.x & 10.0.x?
I run Jenkins from a sub-domain and my git post-commit-hook needs to
hit a URL under this location directive to trigger continuous
integration. But this Jenkins cannot handle basic auth that blocks
the URL submit.
At the http level:
geo $is_authorized {
default 0;
127.0.0.1 1;
192.0.0.0/16 1;
10.0.0.0/16 1;
}
On the vhost:
location / {
error_page 418 @no-auth;
if ($is_authorized) {
return 418;
}
auth_basic "Admin Login";
auth_basic_user_file .htpasswd;
# ... content handler directives here or default (static)
}
location @no-auth {
# … content handler directives here or default (static)
}
— appa
Hello!
On Wed, Feb 15, 2012 at 10:03:13AM +0530, Quintin P. wrote:
How do I specify a rule such that the basic auth is applied only to
external IPs and not to 127.0.0.x, 192.0.x & 10.0.x?
Use “satisfy any”, see
http://www.nginx.org/en/docs/http/ngx_http_core_module.html#satisfy
location / {
satisfy any;
auth_basic "Admin Login";
auth_basic_user_file /etc/nginx/.htpasswd;
allow 127.0.0.0/24;
allow 192.0.0.0/16;
allow 10.0.0.0/16;
deny all;
}
Just a side note: the “192.0.x” should probably be “192.168.x”
instead, but you should get the idea anyway.
Maxim D.
On 15 Fev 2012 05h01 WET, [email protected] wrote:
auth_basic_user_file /etc/nginx/.htpasswd;
At the http level:
geo $is_authorized {
default 0;
127.0.0.1 1;
192.0.0.0/16 1;
10.0.0.0/16 1;
}
Also using auth_request (avoids duplicating the location):
location / {
auth_basic “Admin Login”;
auth_basic_user_file .htpasswd;
satisfy any;
auth_request /auth;
# ... content handler directives here or default (static)
}
location /auth {
if ($is_authorized) {
return 200;
}
return 403;
}
— appa