limit_except - require trusted ip AND auth vs. ip OR auth
Matthias Müller
matthias_mueller at tu-dresden.de
Fri Jun 21 07:28:48 UTC 2019
Hi Maxim,
works like a charm!
Thanks,
Matthias
Am Mittwoch, den 19.06.2019, 15:33 +0300 schrieb Maxim Dounin:
> Hello!
>
> On Tue, Jun 18, 2019 at 04:41:51PM +0200, Matthias Müller wrote:
>
> > I would like to constrain HTTP access (PUT, POST) to an NGINX
> > server
> > for specific locations.
> >
> > There are two cases:
> >
> > 1) Permit POST, PUT if the request matches a trusted IP address OR
> > Basic auth credentials (either-or)
> > 2) Permit POST, PUT if the request matches a trusted IP address AND
> > Basic auth credentials (must match both)
> >
> >
> > The configuration for (2) is appended. But how can I achieve (1)?
> > It
> > seems that "satisfy any" cannot be included with "limit_except".
>
> While the "satisfy" directive cannot be used in limit_except
> blocks, the value set in the enclosing location still applies.
> So, you can do something like this:
>
> location /b {
> satisfy any;
>
> limit_except GET {
> allow 127.0.0.0/8;
> auth_basic "closed";
> auth_basic_user_file .htpasswd;
> }
>
> ...
> }
>
> This will allow request from specified IP addresses or with
> appropriate authentication.
>
More information about the nginx
mailing list