Is there a method to allow a particular user agent access to a server rule that uses the access and auth basic module?
Maxim Dounin
mdounin at mdounin.ru
Fri Sep 2 08:31:05 UTC 2011
Hello!
On Fri, Sep 02, 2011 at 04:27:08PM +0900, Zev Blut wrote:
> Hello,
>
> I have a configuration in a server rule that typically only allows
> access by either an auth basic request or by certain ip addresses.
>
> Something along the lines of this:
>
> server {
> listen 80;
>
> charset off;
> server_name authsite;
>
> satisfy any;
>
> auth_basic "Auth Message";
> auth_basic_user_file xyz.passwd;
>
> # Allow Internal Network
> allow 192.168.1.0/24;
> deny all;
>
> # many includes and location directives below
> }
>
>
> We have a use case were we need to allow an external agent to have
> access to this site.
> I'd rather not play whack-a-mole and keep adding ip addresses for this
> agent.
> At the same time I cannot give the agent an login and password, because
> we can't control the URLs.
>
> So I was wondering if there is a way to also allow access to this
> site based on the user agent?
>
> I tried using an if directive but that is not working.
Something like this should work:
server {
...
location / {
error_page 418 = @allowed;
if ($http_user_agent ~ something) {
return 418;
}
satisfy any;
allow ...
auth_basic ...
}
location @allowed {
# ...
}
}
Alternatively, you may use auth request module[1] and write something
like this:
server {
...
location / {
satisfy any;
allow ...
auth_basic ...
auth_request /auth;
}
location = /auth {
if ($http_user_agent ~ something) {
return 200;
}
return 403;
}
}
[1] http://mdounin.ru/hg/ngx_http_auth_request_module/
Maxim Dounin
More information about the nginx
mailing list