Basic Auth - Block Requests from other domains

Posted by lucasbasquerotto 
July 07, 2020 02:17PM
Hi! I would like to know if there is a way to activate Basic Auth but in a way to lock requests from other domains, and only accept if it's from the same domain. It would work as a SameSite attribute in a cookie, but in this case for the basic auth. A SameSite cookie is done at the browser side, so it would be more to block if it came from another domain (for basic auth).

This is about the following case:

https://security.stackexchange.com/questions/234341/http-basic-auth-and-csrf/234346

I would like to know if there is a way to block requests at the nginx side, if the request is not from the same origin (actually, it doesn't need to be for basic authentication, it could be a more general approach). Nginx should accept the requests only in this case. Is there any way to do this?

Thanks in advance!
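
One way to express the check asked about above, as an added example that is not part of the original post: nginx rejects a request before Basic Auth is evaluated when the browser-supplied `Sec-Fetch-Site` or `Origin` header shows it came from another origin. The host name `app.example.com`, the certificate and htpasswd paths, and the upstream address are placeholders.

```nginx
# Goes in the http {} context. All names and paths below are placeholders.

# Sec-Fetch-Site is set by current browsers and cannot be changed by page script.
map $http_sec_fetch_site $cross_site_fetch {
    default       1;   # cross-site, same-site (sibling subdomain), unknown values
    ""            0;   # header absent: older browser or non-browser client
    same-origin   0;
    none          0;   # user-initiated navigation (typed URL, bookmark)
}

# Origin accompanies cross-origin requests and non-GET/HEAD requests.
map $http_origin $cross_origin {
    default                    1;   # any other origin, including "null"
    ""                         0;   # header absent
    "https://app.example.com"  0;   # this site's own origin
}

# Reject unless both checks pass.
map "$cross_site_fetch$cross_origin" $reject_cross_origin {
    default 1;
    "00"    0;
}

server {
    listen 443 ssl;
    server_name app.example.com;
    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;

    location / {
        # "return" runs in the rewrite phase, before auth_basic is checked,
        # so a cross-origin request never has its credentials evaluated.
        if ($reject_cross_origin) { return 403; }

        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass           http://127.0.0.1:8080;
    }
}
```

Requests that carry neither header are still accepted, so this covers browser-driven cross-site requests only, and it also rejects ordinary links followed from other sites, because those arrive with `Sec-Fetch-Site: cross-site`.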