Nginx Auth Request By Source IP

Grzegorz Kulewski gk at leniwiec.biz
Thu Oct 19 19:08:29 UTC 2017


W dniu 19.10.2017 o 20:59, John Baird pisze:
> I have been doing some reading an googling, and I am wondering if someone can help.
> 
> I have an oauth2 service successfully authenticating nginx visitors.  Because Nginx is fronting a web application on the backend, the web application does NOT have valid domain credentials to interact with the nginx layer.
> 
> Goal:
> I would like to be able to do something like the following:
> 
> geo $localhost {
>   default 0;
>   127.0.0.1/32 <http://127.0.0.1/32> 1;
> }
> 
> server {
>   location / {
>     if ($localhost = 0) {
>       auth_request = /oauth2/callback
>       ....
>     }
>   }
> }
> 
> Is this possible?
> TL;DR -> bypass nginx oauth2 auth_request module when source ip is localhost

If I understood correctly something like that should work:

satisfy any;
allow 127.0.0.1;
deny all;
auth_request ...;

-- 
Grzegorz Kulewski


More information about the nginx mailing list