Hi all -
I'm having an issue trying to get auth_basic and satisfy directives working in tandem. If I use auth_basic/auth_basic_user_file on its own, I am prompted for credentials as expected. However, if I added the satisfy/allow/deny directives above, it seems that ALL traffic is allowed in without prompting for auth.
Here's how I have it.
satisfy any;
allow 38.103.XX.XXX/32; # HQIP
allow 38.118.XX.XXX/32; # User VPN IP
deny all;
auth_basic "Site Restricted";
auth_basic_user_file includes/htpasswd.site.dev.conf;
When I look though my access logs, I see the correct client IP as well.
nginx version is 1.10.1
Thank you for your help.
Dave