Welcome! Log In Create A New Profile

Advanced

Re: No authentication prompt with if block

Maxim Dounin
February 08, 2014 04:06PM
Hello!

On Sat, Feb 08, 2014 at 08:43:53AM -0800, Grant wrote:

> >> Authentication works fine if I don't include the if block but I'd like
> >> to allow only a certain user access to this server block. I get a 403
> >> in the browser without any prompt for authentication.
> >>
> >> auth_basic "Authentication Required";
> >> auth_basic_user_file htpasswd;
> >> if ($remote_user != "myuser") {
> >> return 403;
> >> }
> >>
> >> What am I doing wrong?
> >
> > Rewrite directives, including "if", are executed before access
> > checks (and hence auth_basic). So in your cofiguration 403 is
> > returned before auth_basic has a chance to ask for authentication
> > by returning 401.
> >
> > Something like
> >
> > map $remote_user $invalid_user {
> > default 1;
> > "" 0;
> > "myuser" 0;
> > }
> >
> > if ($invalid_user) {
> > return 403;
> > }
> >
> > auth_basic ...
> >
> > should work, as it will allow empty $remote_user and auth_basic
> > will be able to ask for authentication if credentials wasn't
> > supplied.
>
> That works great, thank you. Does adding 'map' slow the server down much?

No, not at all. In contrast, using maps is usually faster than
any other method to do conditional checks. See docs at
http://nginx.org/r/map, in particular this note:

: Since variables are evaluated only when they are used, the mere
: declaration even of a large number of “map” variables does not add
: any extra costs to request processing.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

No authentication prompt with if block

Grant February 07, 2014 01:06PM

Re: No authentication prompt with if block

Maxim Dounin February 07, 2014 02:10PM

Re: No authentication prompt with if block

Grant February 08, 2014 11:46AM

Re: No authentication prompt with if block

Maxim Dounin February 08, 2014 04:06PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 48
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready