Welcome! Log In Create A New Profile

Advanced

Nginx authentication based on parameterized url

Posted by tmuesele 
tmuesele
Nginx authentication based on parameterized url
December 21, 2016 11:30AM
Hi there,

I need an authentication based on a parameterized class call in a url. For
example the url:

https://sample.com/index.php?cl=accesstestprivate

should be access-able by IP address 192.168.1.1, if the request doesnt come
from this IP, a basic auth should be invoked.

All other / pages e.g. index.php, index.php?start=1 should be access-able by
public.

I was trying to use the map function. But in this case, the site is not
available from public.

map $arg_cl $auth_type {
default „off";
"accesstestprivate“ "closed";
}

location / {
satisfy any;
allow 192.168.1.1;
auth_basic $auth_type;
auth_basic_user_file conf/htpasswd;
proxy_pass http://devserver;
}
Any ideas?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271665,271665#msg-271665

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: Nginx authentication based on parameterized url
December 29, 2016 12:50PM
On Wed, Dec 21, 2016 at 05:19:55AM -0500, tmuesele wrote:

Hi there,

> I need an authentication based on a parameterized class call in a url. For
> example the url:
>
> https://sample.com/index.php?cl=accesstestprivate
>
> should be access-able by IP address 192.168.1.1, if the request doesnt come
> from this IP, a basic auth should be invoked.
>
> All other / pages e.g. index.php, index.php?start=1 should be access-able by
> public.

Your sample config makes it look like:

* 192.168.1.1 can access anything
* any other address can access anything unless it has cl=accesstestprivate
in the query string
* if the request has cl=accesstestprivate in the query string, then most
clients are challenged for basic authentication

> I was trying to use the map function. But in this case, the site is not
> available from public.

It seems to work for me, when I make sure to only use the " double-quote
character in nginx.conf.

> map $arg_cl $auth_type {
> default „off";
> "accesstestprivate“ "closed";
> }
>
> location / {
> satisfy any;
> allow 192.168.1.1;
> auth_basic $auth_type;
> auth_basic_user_file conf/htpasswd;
> proxy_pass http://devserver;
> }
> Any ideas?

What failure do you see?

As in: what request do you make, what response do you get, what response
do you want instead?

Is there anything in the error log?

(I did see "open() "/usr/local/nginx/conf/conf/htpasswd" failed (2:
No such file or directory)" in my error log, until I changed the
auth_basic_user_file directive. But perhaps you have the matching
directory structure already.)

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login