Satistfy any not working as expected
Arno0x0x
nginx-forum at nginx.us
Wed May 20 17:12:26 UTC 2015
Hi Maxim,
Thanks again for your explanations, they make sense. So I've put back the
"deny all;" statement. I get the 403 unauthorized message back. And there's
indeed some good indication in the error log, showing that my auth_request
script does the job, and then the login page returns the 403 status code.
So I added an "allow all;" statement just on the login page which is the
only one that needs to be reachable in any case.
Let me paste a more real and complete example of my config (I hid some
personal stuff), I hope this one makes sense:
--------------------------------------
server {
listen 443;
server_name hidden;
ssl on;
ssl_certificate /hidden;
ssl_certificate_key /hidden;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
root /var/www/hidden;
index index.php index.html index.htm;
satisfy any;
allow 192.168.0.0/24;
deny all;
auth_request /twofactorauth/nginx/auth.php;
error_page 401 = @error401;
location @error401 {
return 302
$scheme://$host/twofactorauth/login/login.php?from=$uri;
}
location / {
try_files $uri $uri/ /index.html;
}
location = /twofactorauth/nginx/auth.php {
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi.conf;
fastcgi_param CONTENT_LENGTH "";
}
location = /twofactorauth/login/login.php {
allow all;
auth_request off;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi.conf;
}
[...]
}
--------------------------------------
See the "allow all;" statement under the login.php location ? This make
everyhting work as I expect, but I hope i makes sense.
Thanks and kind regards,
Arno
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,258955,259020#msg-259020
More information about the nginx
mailing list