Location regex + if + basic auth to restrict directory access
B.R.
reallfqq-nginx at yahoo.fr
Sun Mar 10 09:29:18 UTC 2013
I'll answer to my own question there:
Apparently, yes, evaluating something with the 'if' directive doesn't
propagate the environment containing the variables from the 'location'
directive.
All explained on
StackOverflow<http://stackoverflow.com/questions/10876252/nginx-given-custom-subdomain-location-regex-matching-with-http-user-agent-con>
.
The *incorrect* way:
location ^~ /documents/(\w+) {
if ($1 != $remote_user) {
return 503;
}
}
*--> $1 variable is unknown*
The *correct* way:
location ^~ /documents/(\w+) {
set $user $1;
if ($user != $remote_user) {
return 503;
}
}
Although the syntax is now OK and the configuration is able to be reloaded,
it doesn't seem to work at all...
When connecting with the user 'abc', I am still able to access
/documents/def/mydoc.txt.
What's wrong with my way of restricting access?
Thanks for any help,
---
*B. R.*
On Thu, Feb 28, 2013 at 5:36 PM, B.R. <reallfqq-nginx at yahoo.fr> wrote:
> Hello,
>
> I am using basic auth + $remote_user variable send to the back-end
> application to change context depending on the logged-in user.
>
> The thing is, even if the page rendered by the back-end uses nginx user
> authentication, resources from a directory are still allowed for everyone.
>
> My 'documents' directory is sorted as follows:
> documents/
> abc/ --> stores content for user 'abc'
> def/ --> stores content for user 'def'
> ...
>
> I tried the following:
> location ^~ /documents/(\w+) {
> if ($1 != $remote_user) {
> return 503;
> }
> }
>
> But Nginx refuses to validate configuration:
> nginx: [emerg] unknown "1" variable
> nginx: configuration file /etc/nginx/nginx.conf test failed
>
> Does the 'if' directive have an environment isolated for the on of the
> 'location' directive?
> Am I using wrong syntax?
> Is there a 'IfIsEvil' case corresponding to my needs to avoid the use of
> the 'if' directive?
>
> Thanks,
> ---
> *B. R.*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130310/5f463ca7/attachment.html>
More information about the nginx
mailing list