no basic auth from outside network

Steve steeeeeveee at gmx.net
Mon May 21 01:30:12 UTC 2012


-------- Original Message --------
> Date: Sun, 20 May 2012 18:58:53 -0400 (EDT)
> From: "rattus" <nginx-forum at nginx.us>
> To: nginx at nginx.org
> Subject: Re: no basic auth from outside network

> After further testing, it's not the basic auth that's causing the
> problem... it's simply trying to access subdirectories from outside.
> Makes me think I've messed something up in my nginx.conf:
> 
> 
> worker_processes  1;
> events {
>     worker_connections  64;
> }
> http {
>   ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA;
>   ssl_prefer_server_ciphers on;
>   ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
>   ssl_session_timeout 5m;
> 
>  ## Timeouts 
>   keepalive_timeout       300 300;
> 
>  ## General Options
>   charset                 utf-8;
>   default_type            application/octet-stream;
>   ignore_invalid_headers  on;
>   types {
>     text/html	html;
>     image/gif	gif;
>     image/jpeg	jpg;
>   }
>   keepalive_requests      20;
>   max_ranges              0;
>   recursive_error_pages   on;
>   sendfile                on;
>   server_tokens           off;
>   source_charset          utf-8;
> 
>  ## Request limits
>   limit_req_zone  $binary_remote_addr  zone=fred:1m   rate=60r/m;
> 
>  ## Compression
>   gzip                 on;
>   gzip_static          on;
>   gzip_vary            on;
> 
>  ## Log Format
>   log_format  main  '$remote_addr $host $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $ssl_cipher $request_time';
> 
>  ## http .:. redirect to https
>   server {
>       access_log  /var/log/nginx/access.log main buffer=32k;
>       error_log   /var/log/nginx/error.log error;
>       expires     0;
>       limit_req   zone=fred burst=200 nodelay;
>       listen      80;
>       root        /var/empty;
>       rewrite ^ https://192.168.1.100$request_uri permanent;
>
Are you sure you want this rewrite to go from outside (aka: Internet) to an internal (aka: private network) address?


>   }
> 
>  ## https .:. (www.)example.com
>   server {
>       add_header Cache-Control "public";
>       add_header Strict-Transport-Security "max-age=315360000; includeSubdomains";
>       access_log  /var/log/nginx/access.log main buffer=32k;
>       error_log   /var/log/nginx/error.log error;
>       expires     max;
>       index       index.html;
>       limit_req   zone=fred burst=200 nodelay;
>       listen      443;
>       root        /var/www/htdocs;
>       server_name 192.168.1.100;
> 
>      ## Basic auth on test
>       location / { 
>       }
> 
>       location ^~ /test/ {
>         index	index.html;
>         auth_basic "Admin Login";
>         auth_basic_user_file .htpasswd;
>       }
>                                     
>       #!!! IMPORTANT !!! We need to hide the password file from prying eyes
>       # This will deny access to any hidden file (beginning with a .period)
>       location ~ /\. { deny  all; }
> 
>      ## SSL Certs
>       ssl on;
>       ssl_session_cache shared:SSL:10m;
>       ssl_certificate /home/root/ssl/test.crt;
>       ssl_certificate_key /home/root/ssl/test.key;
>       ssl_ecdh_curve secp521r1;
> 
>      ## Stop Image and Document Hijacking
>       location ~* (\.jpg|\.gif|\.png|example\.css)$ {
>         if ($http_referer !~ ^(https://192.168.1.100) ) {
>           return 404;
>         }
>       }
> 
>      ## All other errors get the generic error page
>       error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /error_page.html;
>       location  /example_error_page.html {
>           internal;
>       }
>   }
> }
> 
> ...again, it just hangs accessing subdirectories like "test", while
> everything works well from within the local network. The www root
> directory index.html serves up fine, even redirected to 443.
> 
What? Are you telling me that using your external IP (let's say it is 1.2.3.4) is working properly?

This here works from external? Really?

http://1.2.3.4/ will get redirected to https://192.168.1.100/
http://1.2.3.4/index.html will get redirected to https://192.168.1.100/index.html


You know that 192.168.0.0/16 is a class c private address range that is not routed on the Internet?

IMHO you should rewrite your http config to:

server {
  ....
  rewrite ^ https://$host$request_uri permanent;
  ....
}



And IMHO you should change the server_name in the https part to be:

server_name 192.168.1.100 "";




> TIA, 
> 
> Mike
> 
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,226665,226666#msg-226666
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

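A check for the misconfiguration discussed in this thread, as an added example that is not part of the original message: it scans nginx configuration text for `rewrite`/`return` redirects whose target host is a private, loopback or link-local IP literal. The function name and both sample configs are constructed for illustration, and comment stripping is deliberately naive.

```python
import ipaddress
import re

# Target of `rewrite <regex> <url> ...;` or `return 30x <url>;`
REDIRECT_RE = re.compile(
    r"\b(?:rewrite\s+\S+|return\s+30[1278])\s+[\"']?(https?://[^\s;\"']+)"
)
# Literal host part of the URL: stops at an nginx variable, port, path or query.
HOST_RE = re.compile(r"https?://(\[[0-9A-Fa-f:.]+\]|[^/$:?]*)")

# Constructed sample: the port-80 server block quoted in the thread, trimmed.
BEFORE = """\
server {
    listen  80;
    root    /var/empty;
    rewrite ^ https://192.168.1.100$request_uri permanent;
}
"""
# Constructed sample: the same block with the $host rewrite suggested in the reply.
AFTER = BEFORE.replace("192.168.1.100$request_uri", "$host$request_uri")


def private_redirects(conf_text):
    """Return [(line_no, url)] for redirects whose host is a private IP literal."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        directive = line.split("#", 1)[0]  # naive comment strip (assumption)
        match = REDIRECT_RE.search(directive)
        if not match:
            continue
        url = match.group(1)
        host = HOST_RE.match(url).group(1).strip("[]")
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname or variable such as $host: nothing to flag
        if address.is_private or address.is_loopback or address.is_link_local:
            findings.append((line_no, url))
    return findings


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, private_redirects(conf))
```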