I am using basic auth + $remote_user variable send to the back-end
application to change context depending on the logged-in user.
The thing is, even if the page rendered by the back-end uses nginx user
authentication, resources from a directory are still allowed for
everyone.
My ‘documents’ directory is sorted as follows:
documents/
abc/ --> stores content for user ‘abc’
def/ --> stores content for user ‘def’
…
I tried the following:
location ^~ /documents/(\w+) {
if ($1 != $remote_user) {
return 503;
}
}
But Nginx refuses to validate configuration:
nginx: [emerg] unknown “1” variable
nginx: configuration file /etc/nginx/nginx.conf test failed
Does the ‘if’ directive have an environment isolated for the on of the
‘location’ directive?
Am I using wrong syntax?
Is there a ‘IfIsEvil’ case corresponding to my needs to avoid the use of
the ‘if’ directive?