Basic Auth only for external IPs and not localhost or LAN networks
António P. P. Almeida
appa at perusio.net
Wed Feb 15 05:47:17 UTC 2012
On 15 Fev 2012 05h01 WET, appa at perusio.net wrote:
> On 15 Fev 2012 04h33 WET, quintinpar at gmail.com wrote:
>
>> Hi all,
>>
>> I have a location directive with basic auth in it.
>>
>> location / {
>>
>> auth_basic "Admin Login";
>>
>> auth_basic_user_file /etc/nginx/.htpasswd;
>> }
>
>> How do I specify a rule such that the basic auth is applied only to
>> external IPs and not to 127.0.0.x, 192.0.x & 10.0.x?
>>
>> I run Jenkins from a sub-domain and my git post-commit-hook needs
>> to hit a URL under this location directive to trigger continuous
>> integration. But this Jenkins cannot handle basic auth that blocks
>> the URL submit.
>>
>
> At the http level:
>
> geo $is_authorized {
> default 0;
> 127.0.0.1 1;
> 192.0.0.0/16 1;
> 10.0.0.0/16 1;
> }
>
Also using auth_request (avoids duplicating the location):
location / {
auth_basic "Admin Login";
auth_basic_user_file .htpasswd;
satisfy any;
auth_request /auth;
# ... content handler directives here or default (static)
}
location /auth {
if ($is_authorized) {
return 200;
}
return 403;
}
--- appa
More information about the nginx
mailing list