Welcome! Log In Create A New Profile

Advanced

Basic Auth - Block Requests from other domains

Posted by lucasbasquerotto 
This forum is currently read only. You can not log in or make any changes. This is a temporary situation.
Basic Auth - Block Requests from other domains
July 07, 2020 02:17PM
Hi! I would like to know if there is a way to activate Basic Auth but in a way to lock requests from other domains, and only accept if it's from the same domain. It would work as a SameSite attribute in a cookie, but in this case for the basic auth. A SameSite cookie is done at the browser side, so it would be more to block if it came from another domain (for basic auth).

This is about the following case:

https://security.stackexchange.com/questions/234341/http-basic-auth-and-csrf/234346

I would like to know if there is a way to block requests as the nginx side, if the request if is not from the same origin (actually, it doesn't need to be for basic authentication, it could be a more general approach). Nginx should accept the requests only in this case. Is there any way to do this?

Thanks in advance!

Online Users

Guests: 87
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready