limit_except - require trusted ip AND auth vs. ip OR auth

Patrick 201904-nginx at jslf.app
Wed Jun 19 03:02:53 UTC 2019


On 2019-06-18 16:41, Matthias Müller wrote:
> 1) Permit POST, PUT if the request matches a trusted IP address OR
> Basic auth credentials (either-or)

Something like this will work:

map $remote_addr $is_admin {
   1.2.3.4 1;
   default 0;
}

map $is_admin$request_method $admin_required {
    "GET" 0;
    "HEAD" 0;
    "OPTIONS" 0;
    "~1.*" 0;
    default 1;
}

server {
    listen       80;
    server_name  localhost;
    access_log   /var/log/nginx/access.log combined;

    location @loc_A {
        root /srv/www;
        try_files $uri =404;
    }

    location @loc_A_auth {
        auth_basic 'Restricted';
        auth_basic_user_file /etc/nginx/htpasswd;
        try_files /NO-SUCH-FILE @loc_A;
    }

    location /a {
        recursive_error_pages on;
        error_page 598 = @loc_A;
        error_page 599 = @loc_A_auth;
        if ( $admin_required ) {
            return 599;
        }

        return 598;
    }
}



More information about the nginx mailing list