auth_basic and satisfy allowing all traffic
Francis Daly
francis at daoine.org
Fri Apr 14 00:17:53 UTC 2017
On Thu, Apr 13, 2017 at 05:26:35PM -0400, daveyfx wrote:
Hi there,
> However, if I added the
> satisfy/allow/deny directives above, it seems that ALL traffic is allowed in
> without prompting for auth.
It works for me.
Can you provide a complete config that shows the problem you report?
What I have is:
==
server {
listen 8080;
satisfy any;
allow 127.0.0.1/32;
allow 127.0.0.2/32;
deny all;
auth_basic "Site Restricted";
auth_basic_user_file includes/htpasswd.site.dev.conf;
}
==
Then "curl -i http://127.0.0.2:8080/x" returns 200 with the content
of /usr/local/nginx/html/x, while "curl -i http://127.0.0.3:8080/x"
returns 401 with
WWW-Authenticate: Basic realm="Site Restricted"
What do you see when you do that exact test?
How does it differ from the problem case you reported?
Cheers,
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list