auth_basic and satisfy allowing all traffic

Francis Daly francis at
Fri Apr 14 00:17:53 UTC 2017

On Thu, Apr 13, 2017 at 05:26:35PM -0400, daveyfx wrote:

Hi there,

> However, if I added the
> satisfy/allow/deny directives above, it seems that ALL traffic is allowed in
> without prompting for auth.

It works for me.

Can you provide a complete config that shows the problem you report?

What I have is:

  server {
    listen 8080;
    satisfy any;
    deny all;
    auth_basic "Site Restricted";
    auth_basic_user_file includes/;

Then "curl -i" returns 200 with the content
of /usr/local/nginx/html/x, while "curl -i"
returns 401 with

WWW-Authenticate: Basic realm="Site Restricted"

What do you see when you do that exact test?

How does it differ from the problem case you reported?


Francis Daly        francis at

More information about the nginx mailing list