No authentication prompt with if block

Maxim Dounin mdounin at
Fri Feb 7 19:09:42 UTC 2014


On Fri, Feb 07, 2014 at 10:05:32AM -0800, Grant wrote:

> Authentication works fine if I don't include the if block but I'd like
> to allow only a certain user access to this server block.  I get a 403
> in the browser without any prompt for authentication.
> auth_basic "Authentication Required";
> auth_basic_user_file htpasswd;
> if ($remote_user != "myuser") {
>     return 403;
> }
> What am I doing wrong?

Rewrite directives, including "if", are executed before access 
checks (and hence auth_basic).  So in your cofiguration 403 is 
returned before auth_basic has a chance to ask for authentication 
by returning 401.

Something like

   map $remote_user $invalid_user {
       default      1;
       ""           0;
       "myuser"     0;

   if ($invalid_user) {
       return 403;

   auth_basic ...

should work, as it will allow empty $remote_user and auth_basic 
will be able to ask for authentication if credentials wasn't 

Maxim Dounin

More information about the nginx mailing list