auth_request off; ignored when combined with auth_basic;
Stian Øvrevåge
sovrevage at gmail.com
Fri Oct 13 05:47:11 UTC 2017
Hi list,
I have a server {} block that is protected with auth_request; on the top level.
auth_request is used for a interactive login process.
I have some endpoints that will receive data from other software, and
must instead be protected by auth_basic. However, "auth_request off;"
is ignored in these location{} blocks IF there is also a auth_basic
statement in the block.
This works without logging in:
location /test/ {
auth_request off;
proxy_pass http://localhost:88/;
}
This is automatically redirected back to /security/ for login (as
defined by auth_request in server{} block.
location /api/ {
auth_request "off";
auth_basic "Restricted access";
auth_basic_user_file /etc/htpasswd;
proxy_pass http://localhost:88/;
}
I see online references to a "satisfy any" directive that apparently
worked a few years ago, but it does not anymore, and others are
reporting similar problems:
https://stackoverflow.com/questions/42301559/nginx-with-auth-request-and-auth-basic
Brgds,
Stian Øvrevåge
More information about the nginx
mailing list