No authentication prompt with if block
Maxim Dounin
mdounin at mdounin.ru
Sat Feb 8 21:05:28 UTC 2014
Hello!
On Sat, Feb 08, 2014 at 08:43:53AM -0800, Grant wrote:
> >> Authentication works fine if I don't include the if block but I'd like
> >> to allow only a certain user access to this server block. I get a 403
> >> in the browser without any prompt for authentication.
> >>
> >> auth_basic "Authentication Required";
> >> auth_basic_user_file htpasswd;
> >> if ($remote_user != "myuser") {
> >> return 403;
> >> }
> >>
> >> What am I doing wrong?
> >
> > Rewrite directives, including "if", are executed before access
> > checks (and hence auth_basic). So in your cofiguration 403 is
> > returned before auth_basic has a chance to ask for authentication
> > by returning 401.
> >
> > Something like
> >
> > map $remote_user $invalid_user {
> > default 1;
> > "" 0;
> > "myuser" 0;
> > }
> >
> > if ($invalid_user) {
> > return 403;
> > }
> >
> > auth_basic ...
> >
> > should work, as it will allow empty $remote_user and auth_basic
> > will be able to ask for authentication if credentials wasn't
> > supplied.
>
> That works great, thank you. Does adding 'map' slow the server down much?
No, not at all. In contrast, using maps is usually faster than
any other method to do conditional checks. See docs at
http://nginx.org/r/map, in particular this note:
: Since variables are evaluated only when they are used, the mere
: declaration even of a large number of “map” variables does not add
: any extra costs to request processing.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list