NGINX multiple authentication methods (one or the other) AND an IP check seems impossible
J Carter
jordanc.carter at outlook.com
Mon May 27 06:48:40 UTC 2024
Hello,
[...]
> ```
> The goal is to bypass SSO if a correct HTTP Basic Auth header is present while making sure connections are only from said IPs.
>
> When I disable the IP check it works flawlessly. How could I separate these requirements?
>
> So (SSO or Basic Auth) and Correct IP
Just use the geo module and "if" to reject unwanted IPs.
"If" is evaluated prior to access & post_access phases, where auth_basic
and co are evaluated.
    geo $allowed_ip {
        xxx.xxx.xxx.xxx/24 1;
        default 0;
    }
    ...
    location / {
        if ($allowed_ip = 0) {
            return 403;
        }
        ....rest of config without allow/deny.
    }
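
An added example, not part of the original post and not taken from the poster's configuration: one way the suggestion above can be combined with `satisfy any`, so that the IP check is enforced in the rewrite phase while Basic Auth or SSO is decided in the access phase. The SSO mechanism (`auth_request` to a hypothetical `/sso-verify` location), the server name, file paths, backend addresses and the 192.0.2.0/24 range are all assumptions.

```nginx
# Constructed example; addresses, paths and upstream names are placeholders.
# geo must live in the http{} context. It keys on $remote_addr by default,
# so behind a proxy or load balancer configure the realip module first,
# otherwise every client appears to come from the proxy's address.
geo $allowed_ip {
    default        0;
    192.0.2.0/24   1;   # documentation range (RFC 5737), replace with yours
}

server {
    listen 443 ssl;
    server_name app.example.com;                    # assumed name
    ssl_certificate     /etc/nginx/tls/app.crt;     # placeholder paths
    ssl_certificate_key /etc/nginx/tls/app.key;

    location / {
        # Rewrite phase: runs before any access-phase module, so a
        # disallowed address gets 403 regardless of credentials.
        if ($allowed_ip = 0) {
            return 403;
        }

        # Access phase: either method is enough. No allow/deny here:
        # under "satisfy any" a matching allow would count as a third
        # alternative and admit the client without Basic Auth or SSO.
        satisfy any;

        auth_basic           "restricted";
        auth_basic_user_file /etc/nginx/htpasswd;   # placeholder path

        auth_request /sso-verify;                   # assumed SSO check

        proxy_pass http://127.0.0.1:8080;           # assumed backend
    }

    location = /sso-verify {
        internal;                                   # subrequests only
        proxy_pass              http://127.0.0.1:9000/verify;  # assumed SSO verifier
        proxy_pass_request_body off;
        proxy_set_header        Content-Length "";
    }
}
```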