Thu Sep 22 07:25:24 UTC 2016

On Wed, Sep 21, 2016 at 05:28:26PM -0400, c0nw0nk wrote:

> Thanks for the information so based off what that resource says and from what
> I understand surely that field should only say "anonymous" or "username" if
> on those files / folders in my Nginx config I use "auth_basic" ?


That variable has a value if the request includes the Authorization
header that indicates Basic authentication.

It has a value whether or not the password provided is correct.

If you don't use auth_basic, or have not otherwise confirmed that the
provided password is valid and matches the username provided, then you
have no reason to believe that the provided name is "real".

> Because I don't use auth_basic anywhere would anything bad happen if I did
> the following.
> if($remote_user != "^$") { #Block requests where the user is not empty / missing
> return 444;
> }

"if" uses "=" for string match, and "~" for regex match.

So your idea is sound, but the implementation is wrong.
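
The check discussed above, written with the operators the reply names, as an added example that is not part of the original message. The `server` block, port and `server_name` are placeholder assumptions; it presumes, as in the question, that `auth_basic` is not used anywhere on this server.

```nginx
server {
    listen      8080;            # placeholder port (assumption)
    server_name example.test;    # placeholder name (assumption)

    # $remote_user is filled in from any "Authorization: Basic ..."
    # request header, whether or not a password was ever checked.
    # With no auth_basic configured, a non-empty value only means the
    # client sent credentials that nothing on this server asked for.

    # String comparison: "=" and "!=" compare against a literal string,
    # so the "empty" test is a comparison with "".
    if ($remote_user != "") {
        return 444;              # close the connection without a response
    }

    # The same test as a regex: "~" matches, "!~" negates the match.
    # Use one form or the other, not both.
    # if ($remote_user !~ "^$") {
    #     return 444;
    # }

    location / {
        root /var/www/html;      # placeholder document root (assumption)
    }
}
```

Note the space between `if` and the opening parenthesis, which nginx requires. Run `nginx -t` after editing to confirm the configuration parses before reloading.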

