Restrict access problem


#1

I want to do a restrict access for URI contains xinxi,I do as follow:

location ~ xinxi {
            allow 10.68.49.21;
            auth_basic "need authried";
            auth_basic_user_file passwd;
            deny all;
    }

when I access http://10.66.23.102/bxzx/xinxi/ from 10.68.49.210,nginx
says “403 Forbidden”.
I think the rule checkorder is
first “allow 10.68.49.21;”
then " auth_basic “need authried”;auth_basic_user_file passwd;"
last “deny all”
So when I access http://10.66.23.102/bxzx/xinxi/ from
10.68.49.210,nginx should prompt me to input username and password.
Am I right?


#2

2008/9/16 lhmwzy removed_email_address@domain.invalid:

says “403 Forbidden”.
I think the rule checkorder is
first “allow 10.68.49.21;”
then " auth_basic “need authried”;auth_basic_user_file passwd;"
last “deny all”
So when I access http://10.66.23.102/bxzx/xinxi/ from
10.68.49.210,nginx should prompt me to input username and password.
Am I right?

Also I know the config
location ~ xinxi {
satisfy any;
allow 10.68.49.21;
auth_basic “need authried”;
auth_basic_user_file passwd;
deny all;
}
can do the job well.


#3

On Tue, Sep 16, 2008 at 10:59:50PM +0800, lhmwzy wrote:

when I access http://10.66.23.102/bxzx/xinxi/ from 10.68.49.210,nginx
location ~ xinxi {
satisfy any;
allow 10.68.49.21;
auth_basic “need authried”;
auth_basic_user_file passwd;
deny all;
}
can do the job well.

No, the rule order is

  any allow/deny
  then auth_basic

#4

2008/9/16 Igor S. removed_email_address@domain.invalid:

   }

No, the rule order is

 any allow/deny
 then auth_basic


Igor S.
http://sysoev.ru/en/

OK,let’s do as you say:
location ~ xinxi {
allow 10.68.49.21;
deny all;
auth_basic “need authried”;
auth_basic_user_file passwd;
}

Also get
403 Forbidden
Should get a prompt the enter username and password?
BTW,I use 0.6.32.


#5

I think when client ip address isn’t 10.68.49.21,then should prompt
the enter username and password.if the username and password isn’t
right,the last should deny access or display not authroised.


#6

On Tue, Sep 16, 2008 at 11:35:22PM +0800, lhmwzy wrote:

I think when client ip address isn’t 10.68.49.21,then should prompt
the enter username and password.if the username and password isn’t
right,the last should deny access or display not authroised.

This is controlled by “satisfy any|all” directive.


#7

Tks for reply.

2008/9/16 Igor S. removed_email_address@domain.invalid:


#8

On Tue, Sep 16, 2008 at 11:32:29PM +0800, lhmwzy wrote:

           deny all;

Am I right?

403 Forbidden
Should get a prompt the enter username and password?
BTW,I use 0.6.32.

No. You should use “satisfy any” for this.