Location regex + if + basic auth to restrict directory access

B.R. reallfqq-nginx at yahoo.fr
Sun Mar 10 09:29:18 UTC 2013


I'll answer to my own question there:

Apparently, yes, evaluating something with the 'if' directive doesn't
propagate the environment containing the variables from the 'location'
directive.
All explained on
StackOverflow<http://stackoverflow.com/questions/10876252/nginx-given-custom-subdomain-location-regex-matching-with-http-user-agent-con>
.

The *incorrect* way:

location ^~ /documents/(\w+) {
    if ($1 != $remote_user) {
        return 503;
    }
}
*--> $1 variable is unknown*

The *correct* way:
location ^~ /documents/(\w+) {
    set $user $1;
    if ($user != $remote_user) {
         return 503;
    }
}

Although the syntax is now OK and the configuration is able to be reloaded,
it doesn't seem to work at all...

When connecting with the user 'abc', I am still able to access
/documents/def/mydoc.txt.
What's wrong with my way of restricting access?

Thanks for any help,
---
*B. R.*


On Thu, Feb 28, 2013 at 5:36 PM, B.R. <reallfqq-nginx at yahoo.fr> wrote:

> Hello,
>
> I am using basic auth + $remote_user variable send to the back-end
> application to change context depending on the logged-in user.
>
> The thing is, even if the page rendered by the back-end uses nginx user
> authentication, resources from a directory are still allowed for everyone.
>
> My 'documents' directory is sorted as follows:
> documents/
>     abc/ --> stores content for user 'abc'
>     def/ --> stores content for user 'def'
>     ...
>
> I tried the following:
> location ^~ /documents/(\w+) {
>     if ($1 != $remote_user) {
>         return 503;
>     }
> }
>
> But Nginx refuses to validate configuration:
> nginx: [emerg] unknown "1" variable
> nginx: configuration file /etc/nginx/nginx.conf test failed
>
> Does the 'if' directive have an environment isolated for the on of the
> 'location' directive?
> Am I using wrong syntax?
> Is there a 'IfIsEvil' case corresponding to my needs to avoid the use of
> the 'if' directive?
>
> Thanks,
> ---
> *B. R.*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130310/5f463ca7/attachment.html>


More information about the nginx mailing list