Trying to show http password for only certain IP blocks

Michael Shadle mike503 at gmail.com
Fri Nov 12 02:30:19 MSK 2010


Below is our (scrubbed) configuration...

What we are trying to do is show an HTTP password prompt for people
from IPs that are not "whitelisted"

We had found a blog post that had said this was possible using
allow/deny/satisfy but it's not working.

Basically, can we get it so that it will show an HTTP auth prompt for
all IPs other than:

10.10.10.0/24
10.10.11.0/24

?

Thanks!


server {
  listen 80;
  server_name mysweetsite.com;
  root /home/agate/web/mysweetsite;
  index index.php index.html;

  access_log /home/awesome/log/access.log;
  error_log /home/awesome/log/error.log debug;

  # set error_pages
  error_page 500 /500.html;
  error_page 501 /501.html;
  error_page 502 /502.html;
  error_page 503 /503.html;
  error_page 504 /504.html;
  error_page 550 /550.html;

  set $translated_error_page en-us;

  if ($request_uri ~ ^/fr-fr) { set $translated_error_page fr-fr; }
  if ($request_uri ~ ^/ru-ru) { set $translated_error_page ru-ru; }

  location = /500.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
  location = /501.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
  location = /502.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
  location = /503.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
  location = /504.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
  location = /550.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }

  #set_real_ip_from 0.0.0.0/0;
  real_ip_header X-Real-IP;

  location / {
    log_not_found off;
    server_name_in_redirect off;

    # try_files doesn’t work properly with drupal 6, so for now we use this
    if (!-e $request_filename) {
      rewrite ^/(.*)$ /index.php?q=$1 last;
    }

    location ~ /\.ht { deny all; }
    location ~*
\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$
{
      internal;
    }

    location ~ /blocked3/.* { internal; }
    location ~ /blocked2/.* { internal; }
    location ~ /blocked1/.* { internal; }

    # expires
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
      expires max;
      access_log off;
    }

    location /.hidden {
      auth_basic "hidden";
      auth_basic_user_file /etc/nginx/confs/htpasswd.hidden;
      expires epoch;
      add_header Cache-Control private;
    }

    satisfy any;
    deny all;
    allow 10.10.10.0/24;
    allow 10.10.11.0/24;
    auth_basic "test”
    auth_basic_user_file /etc/nginx/confs/htpasswd.test;
  }

  location ~ \.php$ {
    include /etc/nginx/confs/fastcgi.conf;
    fastcgi_pass 127.0.0.1:11039;
  }

  rewrite ^/awesome$ /awesome/ permanent;
  rewrite ^/$ /en-us/ permanent;
}



More information about the nginx mailing list