auth_basic and satisfy allowing all traffic

Francis Daly francis at
Sat Apr 15 08:32:34 UTC 2017

On Fri, Apr 14, 2017 at 03:26:41PM -0400, daveyfx wrote:

Hi there,

> I tested the same server configuration as your example, but the testing VM
> produced the same results.  The satisfy/allow/deny directives allow
> bypassing of the basic_auth.  Once those entries have been commented out,
> auth works as expected.
> Would there be additional steps involved in determining if this is, in fact,
> a bug?

In this case, I suggest building a reproducible test case.

Assuming that you use "default" config files, then "nginx -V" will show
information about what version you are using; "nginx -T" will show the
configuration actually being used, and provide "curl -v" or "curl -i"
commands that show the unexpected behaviour. nginx logs for the requests
should also show what source IP address nginx thinks the requests are
coming from.

Copy-paste; do not re-type. Make it so that the differences between a
working and a failing system are obvious.

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list