Trying to show http password for only certain IP blocks
Michael Shadle
mike503 at gmail.com
Fri Nov 12 02:30:19 MSK 2010
Below is our (scrubbed) configuration...
What we are trying to do is show an HTTP password prompt for people
from IPs that are not "whitelisted"
We had found a blog post that had said this was possible using
allow/deny/satisfy but it's not working.
Basically, can we get it so that it will show an HTTP auth prompt for
all IPs other than:
10.10.10.0/24
10.10.11.0/24
?
Thanks!
server {
listen 80;
server_name mysweetsite.com;
root /home/agate/web/mysweetsite;
index index.php index.html;
access_log /home/awesome/log/access.log;
error_log /home/awesome/log/error.log debug;
# set error_pages
error_page 500 /500.html;
error_page 501 /501.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 504 /504.html;
error_page 550 /550.html;
set $translated_error_page en-us;
if ($request_uri ~ ^/fr-fr) { set $translated_error_page fr-fr; }
if ($request_uri ~ ^/ru-ru) { set $translated_error_page ru-ru; }
location = /500.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
location = /501.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
location = /502.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
location = /503.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
location = /504.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
location = /550.html { try_files
/error_page/$translated_error_page$uri /error_page/en-us$uri; }
#set_real_ip_from 0.0.0.0/0;
real_ip_header X-Real-IP;
location / {
log_not_found off;
server_name_in_redirect off;
# try_files doesn’t work properly with drupal 6, so for now we use this
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last;
}
location ~ /\.ht { deny all; }
location ~*
\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$
{
internal;
}
location ~ /blocked3/.* { internal; }
location ~ /blocked2/.* { internal; }
location ~ /blocked1/.* { internal; }
# expires
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
expires max;
access_log off;
}
location /.hidden {
auth_basic "hidden";
auth_basic_user_file /etc/nginx/confs/htpasswd.hidden;
expires epoch;
add_header Cache-Control private;
}
satisfy any;
deny all;
allow 10.10.10.0/24;
allow 10.10.11.0/24;
auth_basic "test”
auth_basic_user_file /etc/nginx/confs/htpasswd.test;
}
location ~ \.php$ {
include /etc/nginx/confs/fastcgi.conf;
fastcgi_pass 127.0.0.1:11039;
}
rewrite ^/awesome$ /awesome/ permanent;
rewrite ^/$ /en-us/ permanent;
}
More information about the nginx
mailing list