limit_except - require trusted ip AND auth vs. ip OR auth
Maxim Dounin
mdounin at mdounin.ru
Wed Jun 19 12:33:28 UTC 2019
Hello!
On Tue, Jun 18, 2019 at 04:41:51PM +0200, Matthias Müller wrote:
> I would like to constrain HTTP access (PUT, POST) to an NGINX server
> for specific locations.
>
> There are two cases:
>
> 1) Permit POST, PUT if the request matches a trusted IP address OR
> Basic auth credentials (either-or)
> 2) Permit POST, PUT if the request matches a trusted IP address AND
> Basic auth credentials (must match both)
>
>
> The configuration for (2) is appended. But how can I achieve (1)? It
> seems that "satisfy any" cannot be included with "limit_except".
While the "satisfy" directive cannot be used in limit_except
blocks, the value set in the enclosing location still applies.
So, you can do something like this:
location /b {
satisfy any;
limit_except GET {
allow 127.0.0.0/8;
auth_basic "closed";
auth_basic_user_file .htpasswd;
}
...
}
This will allow request from specified IP addresses or with
appropriate authentication.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list