IP-based HTTP auth

Hello, I’m trying to implement HTTP auth, but want to limit it by IP.
That is, users originating from our office IP should not have to enter a
password, but everyone else should. I tried the following but with no
luck:

limit_except GET {
allow 192.1.1.1;
auth_basic “Restricted”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;
deny all;
}

Auth does not work in the scope of if, what else can I do? Thanks.

Auth does not work in the scope of if, what else can I do? Thanks.

You are missing ‘satisfy any;’
Try this:

location / {
satisfy any;

allow 192.1.1.1;
auth_basic “Restricted”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;

deny all;
}

Reinis R. wrote:

Auth does not work in the scope of if, what else can I do? Thanks.

You are missing ‘satisfy any;’
Try this:

location / {
satisfy any;

allow 192.1.1.1;
auth_basic “Restricted”;
auth_basic_user_file /usr/local/nginx/conf/htpasswd;

deny all;
}

That doesn’t seem to work, I simply get a 403 forbidden for any request.
It looks like there’s a related thread:
http://www.ruby-forum.com/topic/165862
Unfortunately I didn’t quite understand Igor’s suggestions there or
whether lhmwzy’s problem was resolved or not.

I just found out that if I remove the location block everything works
fine!