Re: NGINX multiple authentication methods (one or the other) AND an IP check seems impossible
Gergő Vári
varigergo07 at gmail.com
Mon May 27 11:11:01 UTC 2024
That works wonderfully, thank you!
On May 27, 2024 6:48:40 AM UTC, J Carter <jordanc.carter at outlook.com> wrote:
>Hello,
>
>[...]
>
>> ```
>> The goal is to bypass SSO if a correct HTTP Basic Auth header is present while making sure connections are only from said IPs.
>>
>> When I disable the IP check it works flawlessly. How could I separate these requirements?
>>
>> So (SSO or Basic Auth) and Correct IP
>
>Just use the geo module and "if" to reject unwanted IPs.
>
>"If" is evaluated prior to access & post_access phases, where auth_basic
>and co are evaluated.
>
>geo $allowed_ip {
> xxx.xxx.xxx.xxx/24 1;
> default 0;
>}
>
>...
>
>location / {
> if ($allowed_ip = 0) {
> return 403;
> }
>
> ....rest of config without allow/deny.
>}
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240527/c2a806b2/attachment.htm>
More information about the nginx
mailing list