Enforcing authentication requests for all resources under specific path

Jan Wrobel wrr at mixedbit.org
Thu Mar 29 17:21:05 UTC 2012


On Thu, Mar 29, 2012 at 4:44 PM, Igor Sysoev <igor at sysoev.ru> wrote:
> On Thu, Mar 29, 2012 at 04:32:32PM +0200, Jan Wrobel wrote:
>> Is there any better way?
>
> I believe the best way to configure is to set explicitly necessery
> directives in all locations where they are required. This leads to
> maintainable configuration.

In my case this is not too good option. I need authentication layer
configuration to be independent from applications configuration. In
case of authentication (not only auth request but also auth basic)
repeating configuration for each location, without 'catch them all'
rule could lead to holes that are hard to notice. For example if I
configure authentication correctly for blog/*html but forget to do it
for blog/*.png the mistake will likely be unnoticed :/

Anyway, if there are no other options, I'll try using auth_request in
server{} section.

Thanks,
Jan



More information about the nginx mailing list