Nginx authentication based on parameterized url

Francis Daly francis at
Thu Dec 29 11:44:38 UTC 2016

On Wed, Dec 21, 2016 at 05:19:55AM -0500, tmuesele wrote:

Hi there,

> I need an authentication based on a parameterized class call in a url. For
> example the url:
> should be access-able by IP address, if the request doesnt come
> from this IP, a basic auth should be invoked.
> All other / pages e.g. index.php, index.php?start=1 should be access-able by
> public.

Your sample config makes it look like:

* can access anything
* any other address can access anything unless it has cl=accesstestprivate
in the query string
* if the request has cl=accesstestprivate in the query string, then most
clients are challenged for basic authentication

> I was trying to use the map function. But in this case, the site is not
> available from public.

It seems to work for me, when I make sure to only use the " double-quote
character in nginx.conf.

> map $arg_cl $auth_type {
>  default       „off";
>  "accesstestprivate“ "closed";
> }
> location / {
>   satisfy any;
>   allow;
>   auth_basic $auth_type;
>   auth_basic_user_file conf/htpasswd;
>   proxy_pass http://devserver;
> }
> Any ideas?

What failure do you see?

As in: what request do you make, what response do you get, what response
do you want instead?

Is there anything in the error log?

(I did see "open() "/usr/local/nginx/conf/conf/htpasswd" failed (2:
No such file or directory)" in my error log, until I changed the
auth_basic_user_file directive. But perhaps you have the matching
directory structure already.)

Francis Daly        francis at

More information about the nginx mailing list