Welcome! Log In Create A New Profile

Advanced

Re: Combining Basic Authentication with Access Restriction by IP Address and auth_basic off

June 27, 2018 10:00AM
On Wed, Jun 27, 2018 at 03:08:50PM +0200, basti wrote:
> Hello,
> I have a config like:
>
> server {
>
> ...
> # combine basic auth and ip whitelisting
> #
> https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
> satisfy any;
> allow <my_static_IP>;
> deny all;
>
> auth_basic "Restricted";
> auth_basic_user_file /etc/nginx/nx4/.htpasswd;
>
> location /.well-known/acme-challenge/ {
> auth_basic off;
> default_type "text/plain";
> alias /var/lib/dehydrated/acme-challenges/;
> }
> }
>
> But it seems not working.
> Access from allowed ip is fine, from all other get
>
> 2018/06/27 14:54:12 [error] 1333#1333: *11176 access forbidden by rule,
> client: ...
>
> nginx -v
> nginx version: nginx/1.10.3
>
> Can anyone confirm this?

Since you have switched auth_basic off, the only enabled authentication
left is by client address, and your inherited configuration says it's
denied for everything except <my_static_IP>. Put "allow all" into the
"location /.well-known/acme-challenge/" to have it working for all.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Combining Basic Authentication with Access Restriction by IP Address and auth_basic off

basti June 27, 2018 09:10AM

Re: Combining Basic Authentication with Access Restriction by IP Address and auth_basic off

ru@nginx.com June 27, 2018 10:00AM

Re: Combining Basic Authentication with Access Restriction by IP Address and auth_basic off

basti June 27, 2018 10:02AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 101
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready