howto create conditional basic authentication

[Maxim Dounin]

Hello!

On Fri, Feb 05, 2010 at 11:23:47PM +0100, Paul Swielingen wrote:

> I have an operational NGINX server with e few dozen location {}
> definitions
> 
> When a connection is made from an internal network towards the server
> the client browser gets all the pages. Now I like to add external
> access, but I need to require basic authentication. Can this be done
> without duplication of these few dozen location {} definitions or ???

Try this at server level:

    satisfy any;

    # allow internal networks
    allow 10.0.0.0/8;
    deny all;

    # allow authenticated users
    auth_basic ...
    auth_basic_user_files ...

Wiki has no up-to-date information about satisfy directive 
(0.6.25+), but it's basically the same as deprecated satisfy_any 
as described here:

http://wiki.nginx.org/NginxHttpCoreModule#satisfy_any

Original documentation (in Russian) is here:

http://sysoev.ru/nginx/docs/http/ngx_http_core_module.html#satisfy

To Igor: docs lists only "location" context for satisfy directive, 
while it's allowed at http and server level.  Could you please fix 
it?

Maxim Dounin