auth_request and nested locations

Maxim Dounin mdounin at mdounin.ru
Tue Dec 11 08:28:08 UTC 2012


Hello!

On Mon, Dec 10, 2012 at 10:35:00PM -0500, djczaski wrote:

> Except for a few exceptions, I want to require authentication for an
> entire site.  The safest place would be to put the auth_request
> directive at the http level but there's no way to allow the
> exceptions. If I put the auth_request in locations I'll need to
> repeat it multiple times and that seems less maintainable because the
> chance of it getting missed when new services are added or changed. Is
> there a decent way of structuring the config file for an auth portion
> of a site and an un auth'd side?

There are two basic aproaches:

1) Use "auth_request off" to switch off auth when needed:

    auth_request /auth;

    location / {
        ...
    }

    location /no_auth_here/ {
        auth_request off;
    }

2) Use nested locations for places which need auth, and 
explicitly configure locations without auth when needed:

    location / {
        auth_request /auth;

        location /some_nested_location_with_auth/ {
            ...
        }
    }

    location /no_auth_here/ {
        # no auth_request here
    }

-- 
Maxim Dounin
http://nginx.com/support.html



More information about the nginx mailing list