auth_request and nested locations
djczaski
djczaski at gmail.com
Tue Dec 11 11:52:46 UTC 2012
Thank you for the reply.
On Tue, Dec 11, 2012 at 3:28 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Mon, Dec 10, 2012 at 10:35:00PM -0500, djczaski wrote:
>
>> Except for a few exceptions, I want to require authentication for an
>> entire site. The safest place would be to put the auth_request
>> directive at the http level but there's no way to allow the
>> exceptions. If I put the auth_request in locations I'll need to
>> repeat it multiple times and that seems less maintainable because the
>> chance of it getting missed when new services are added or changed. Is
>> there a decent way of structuring the config file for an auth portion
>> of a site and an un auth'd side?
>
> There are two basic aproaches:
>
> 1) Use "auth_request off" to switch off auth when needed:
>
> auth_request /auth;
>
> location / {
> ...
> }
>
> location /no_auth_here/ {
> auth_request off;
> }
I didn't understand this was possible. I figured the auth_request
from the http level was "evaluated" first before looking at lower
levels. This is good to know.
> 2) Use nested locations for places which need auth, and
> explicitly configure locations without auth when needed:
>
> location / {
> auth_request /auth;
>
> location /some_nested_location_with_auth/ {
> ...
> }
> }
>
> location /no_auth_here/ {
> # no auth_request here
> }
This style seems best, but I read a post from Igor that said you can
not use nested locations except with regular expressions:
http://forum.nginx.org/read.php?2,174517,174534#msg-174534
Maybe I am miss understanding his statement.
Thanks.
> --
> Maxim Dounin
> http://nginx.com/support.html
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list