Basic auth only on POST
February 23, 2016 07:23PM
Im trying to secure my rest backend by adding basic authentication to every call that can modify my data.
In other words I want GET requests available to everyone, but secure POST, PUT and DELETE requests with basic auth.

So I tried the following config, but that is not valid because a "auth_basic" is not allowd inside a "if".

location /data/ {
.....proxy_pass http://localhost:9000/;
.....if ($request_method != GET) {
..........auth_basic "Restricted";
..........auth_basic_user_file /etc/nginx/.htpasswd;
.....}
}

I also tried another configuration using "limit_except", but multiple "limit_except" are not valid either.

location /data/ {
.....proxy_pass http://localhost:9000/;
.....limit_except GET HEAD{
.....}
.....limit_except POST PUT DELETE{
..........auth_basic "Restricted";
..........auth_basic_user_file /etc/nginx/.htpasswd;
.....}
}

any idea how I can solve this?
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 295
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready