Is there a method to allow a particular user agent access to a server rule that uses the access and

Server NGINX
1

Hello,

I have a configuration in a server rule that typically only allows
access by either an auth basic request or by certain ip addresses.

Something along the lines of this:

 server {
     listen       80;

     charset off;
     server_name authsite;

     satisfy any;

     auth_basic "Auth Message";
     auth_basic_user_file xyz.passwd;

     # Allow Internal Network
     allow 192.168.1.0/24;
     deny all;

     # many includes and location directives below
 }

We have a use case were we need to allow an external agent to have
access to this site.
I’d rather not play whack-a-mole and keep adding ip addresses for this
agent.
At the same time I cannot give the agent an login and password, because
we can’t control the URLs.

So I was wondering if there is a way to also allow access to this site
based on the user agent?

I tried using an if directive but that is not working.

Thanks for any ideas

Zev B.
Cerego Japan Inc
Developer
Development / Technology

ゼブ ブルット
セレゴ・ジャパン株式会社
技術開発
開発者

Office : +81-3-3463-7266
Email : [email protected]

Corporate website: http://www.cerego.com
Core service website: http://iknow.jp

2

Hello!

On Fri, Sep 02, 2011 at 04:27:08PM +0900, Zev B. wrote:

    charset off;

So I was wondering if there is a way to also allow access to this
site based on the user agent?

I tried using an if directive but that is not working.

Something like this should work:

server {
    ...

    location / {
        error_page 418 = @allowed;

        if ($http_user_agent ~ something) {
            return 418;
        }

        satisfy any;

        allow ...
        auth_basic ...
    }

    location @allowed {
        # ...
    }
}

Alternatively, you may use auth request module[1] and write something
like this:

server {
    ...

    location / {
        satisfy any;

        allow ...
        auth_basic ...
        auth_request /auth;
    }

    location = /auth {
        if ($http_user_agent ~ something) {
            return 200;
        }
        return 403;
    }
}

[1] ngx_http_auth_request_module: log

Maxim D.

3

Hello,

On 09/02/2011 05:31 PM, Maxim D. wrote:

On Fri, Sep 02, 2011 at 04:27:08PM +0900, Zev B. wrote:

I tried using an if directive but that is not working.
allow …
}

[1] ngx_http_auth_request_module: log

Thanks for the link to the auth request module
That might serve my purposes best without have to refactor and duplicate
my configs as much as the extra location will.

Thanks,
Zev