Satistfy any not working as expected
Maxim Dounin
mdounin at mdounin.ru
Mon May 18 12:44:44 UTC 2015
Hello!
On Mon, May 18, 2015 at 04:48:40AM -0400, Arno0x0x wrote:
> Hi,
>
> I'm facing an issue using the "satisfy any" directive. What I'm trying to
> achieve is quite simple:
> - have an auth_request directive protecting the entire website (hence set at
> the server level in the config file)
> - have no such authentication for the local network
>
> I've put the following lines in my nginx config file, under the 'server'
> directive:
>
> ----------------------------
> server {
>
> satisfy any;
> allow 192.168.0.0/24;
> deny all;
>
> auth_request /path/to/authRequestScript.php;
> [...]
> }
> ----------------------------
>
> Although that works well for the local network (ie: no authentication
> required anymore), I get a "403 Forbidden" message when I'm connecting from
> the outside network where I would expect the usual authentication mecanism
> to be triggered.
>
> All the exemples I found rely on the "location /" directive, but I'd like it
> to be at the server level.
>
> What am I doing wrong ?
There is no real difference between configuring this at location
or at server level - as long as requests to
"/path/to/authRequestScript.php" are properly handled. In your
case, "403 Forbidden" suggests they aren't handled properly - this
may happen, e.g., because you incorrecly specified URI (note that
the parameter of auth_request is URI, not file path), or because
the php script isn't properly run, or because the script itself
does a wrong thing. The error log may have some details for you,
try looking into it.
Note well that if you want "the usual authentication mecanism",
then auth_request is probably not for you, and you should use
auth_basic instead, see here:
http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
The auth request module is only needed when you want to code some
custom authentication yourself.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list