Basic Auth only for external IPs and not localhost or LAN networks

António P. P. Almeida appa at perusio.net
Wed Feb 15 05:47:17 UTC 2012


On 15 Fev 2012 05h01 WET, appa at perusio.net wrote:

> On 15 Fev 2012 04h33 WET, quintinpar at gmail.com wrote:
>
>> Hi all,
>>
>> I have a location directive with basic auth in it.
>>
>> location / {
>>
>> auth_basic "Admin Login";
>>
>> auth_basic_user_file /etc/nginx/.htpasswd;
>> }
>
>> How do I specify a rule such that the basic auth is applied only to
>> external IPs and not to 127.0.0.x, 192.0.x & 10.0.x?
>>
>> I run Jenkins from a sub-domain and my git post-commit-hook needs
>> to hit a URL under this location directive to trigger continuous
>> integration. But this Jenkins cannot handle basic auth that blocks
>> the URL submit.
>>
>
> At the http level:
>
> geo $is_authorized {
> default 0;
> 127.0.0.1 1;
> 192.0.0.0/16 1;
> 10.0.0.0/16 1; 
> }
>

Also using auth_request (avoids duplicating the location):

location / {
    auth_basic "Admin Login";        
    auth_basic_user_file .htpasswd;
    satisfy any;
    auth_request /auth;

    # ... content handler directives here or default (static)
}

location /auth {
    if ($is_authorized) {
        return 200;
    }
    return 403;
}

--- appa



More information about the nginx mailing list