limit_except - require trusted ip AND auth vs. ip OR auth
Patrick
201904-nginx at jslf.app
Wed Jun 19 03:12:57 UTC 2019
Forgot to update the second map; it should be:
map $is_admin$request_method $admin_required {
"0GET" 0;
"0HEAD" 0;
"0OPTIONS" 0;
"~1.*" 0;
default 1;
}
Patrick
On 2019-06-19 11:02, Patrick wrote:
> On 2019-06-18 16:41, Matthias Müller wrote:
> > 1) Permit POST, PUT if the request matches a trusted IP address OR
> > Basic auth credentials (either-or)
>
> Something like this will work:
>
> map $remote_addr $is_admin {
> 1.2.3.4 1;
> default 0;
> }
>
> map $is_admin$request_method $admin_required {
> "GET" 0;
> "HEAD" 0;
> "OPTIONS" 0;
> "~1.*" 0;
> default 1;
> }
>
> server {
> listen 80;
> server_name localhost;
> access_log /var/log/nginx/access.log combined;
>
> location @loc_A {
> root /srv/www;
> try_files $uri =404;
> }
>
> location @loc_A_auth {
> auth_basic 'Restricted';
> auth_basic_user_file /etc/nginx/htpasswd;
> try_files /NO-SUCH-FILE @loc_A;
> }
>
> location /a {
> recursive_error_pages on;
> error_page 598 = @loc_A;
> error_page 599 = @loc_A_auth;
> if ( $admin_required ) {
> return 599;
> }
>
> return 598;
> }
> }
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list