limit_except - require trusted ip AND auth vs. ip OR auth
Patrick
201904-nginx at jslf.app
Wed Jun 19 03:02:53 UTC 2019
On 2019-06-18 16:41, Matthias Müller wrote:
> 1) Permit POST, PUT if the request matches a trusted IP address OR
> Basic auth credentials (either-or)
Something like this will work:
map $remote_addr $is_admin {
1.2.3.4 1;
default 0;
}
map $is_admin$request_method $admin_required {
"GET" 0;
"HEAD" 0;
"OPTIONS" 0;
"~1.*" 0;
default 1;
}
server {
listen 80;
server_name localhost;
access_log /var/log/nginx/access.log combined;
location @loc_A {
root /srv/www;
try_files $uri =404;
}
location @loc_A_auth {
auth_basic 'Restricted';
auth_basic_user_file /etc/nginx/htpasswd;
try_files /NO-SUCH-FILE @loc_A;
}
location /a {
recursive_error_pages on;
error_page 598 = @loc_A;
error_page 599 = @loc_A_auth;
if ( $admin_required ) {
return 599;
}
return 598;
}
}
More information about the nginx
mailing list