Trying to show http password for only certain IP blocks

Maxim Dounin mdounin at mdounin.ru
Fri Nov 12 03:23:21 MSK 2010


Hello!

On Thu, Nov 11, 2010 at 03:30:19PM -0800, Michael Shadle wrote:

> Below is our (scrubbed) configuration...
> 
> What we are trying to do is show an HTTP password prompt for people
> from IPs that are not "whitelisted"
> 
> We had found a blog post that had said this was possible using
> allow/deny/satisfy but it's not working.
> 
> Basically, can we get it so that it will show an HTTP auth prompt for
> all IPs other than:
> 
> 10.10.10.0/24
> 10.10.11.0/24
> 
> ?

[...]

>     satisfy any;
>     deny all;

-     deny all;
      allow 10.10.10.0/24;
      allow 10.10.11.0/24;
+     deny all;

Access module instructions are executed in order, so "deny all" 
specified first will just deny all.  If you want to allow some 
addresses - you have to do "allow" before "deny all".

>     allow 10.10.10.0/24;
>     allow 10.10.11.0/24;
>     auth_basic "test”
>     auth_basic_user_file /etc/nginx/confs/htpasswd.test;
>   }

Maxim Dounin



More information about the nginx mailing list