Satistfy any not working as expected

Arno0x0x nginx-forum at
Wed May 20 17:12:26 UTC 2015

Hi Maxim,

Thanks again for your explanations, they make sense. So I've put back the
"deny all;" statement. I get the 403 unauthorized message back. And there's
indeed some good indication in the error log, showing that my auth_request
script does the job, and then the login page returns the 403 status code.

So I added an "allow all;" statement just on the login page which is the
only one that needs to be reachable in any case.

Let me paste a more real and complete example of my config (I hid some
personal stuff), I hope this one makes sense:
server {
	listen   443;
	server_name hidden;

	ssl on;
	ssl_certificate /hidden;
	ssl_certificate_key /hidden;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'AES256+EECDH:AES256+EDH';
	ssl_prefer_server_ciphers on;
	ssl_session_cache shared:SSL:10m;

	root /var/www/hidden;
	index index.php index.html index.htm;

	satisfy any;
	deny all;

	auth_request /twofactorauth/nginx/auth.php;

 	error_page 401 = @error401;
	location @error401 {
        	return 302

	location / {
		try_files $uri $uri/ /index.html;

	location = /twofactorauth/nginx/auth.php {
		fastcgi_pass unix:/var/run/php5-fpm.sock;
		include fastcgi.conf;
		fastcgi_param  CONTENT_LENGTH "";
	location = /twofactorauth/login/login.php {
		allow all;
		auth_request off;

                fastcgi_pass unix:/var/run/php5-fpm.sock;
                include fastcgi.conf;
See the "allow all;" statement under the login.php location ? This make
everyhting work as I expect, but I hope i makes sense.

Thanks and kind regards,

Posted at Nginx Forum:,258955,259020#msg-259020

More information about the nginx mailing list