<html><head></head><body><div dir="auto">That works wonderfully, thank you!</div><br><br><div class="gmail_quote"><div dir="auto">On May 27, 2024 6:48:40 AM UTC, J Carter <jordanc.carter@outlook.com> wrote:</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail"><div dir="auto">Hello,<br><br>[...]<br><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><div dir="auto">```<br>The goal is to bypass SSO if a correct HTTP Basic Auth header is present while making sure connections are only from said IPs.<br><br>When I disable the IP check it works flawlessly. How could I separate these requirements?<br><br>So (SSO or Basic Auth) and Correct IP<br></div></blockquote><div dir="auto"><br>Just use the geo module and "if" to reject unwanted IPs.<br><br>"If" is evaluated prior to access & post_access phases, where auth_basic<br>and co are evaluated.<br><br>geo $allowed_ip {<br> xxx.xxx.xxx.xxx/24 1;<br> default 0;<br>}<br><br>...<br><br>location / {<br> if ($allowed_ip = 0) {<br> return 403;<br> }<br><br> ....rest of config without allow/deny.<br>}<hr>nginx mailing list<br>nginx@nginx.org<br><a href="https://mailman.nginx.org/mailman/listinfo/nginx">https://mailman.nginx.org/mailman/listinfo/nginx</a><br></div></pre></blockquote></div></body></html>