[prev in list] [next in list] [prev in thread] [next in thread]
List: nginx
Subject: Re: limit_except - require trusted ip AND auth vs. ip OR auth
From: Matthias =?ISO-8859-1?Q?M=FCller?= <matthias_mueller () tu-dresden ! de>
Date: 2019-06-21 7:28:48
Message-ID: ff5f5148bcb6fd662c6d14c4209cd72423c62fd2.camel () tu-dresden ! de
[Download RAW message or body]
Hi Maxim,
works like a charm!
Thanks,
Matthias
Am Mittwoch, den 19.06.2019, 15:33 +0300 schrieb Maxim Dounin:
> Hello!
>
> On Tue, Jun 18, 2019 at 04:41:51PM +0200, Matthias Müller wrote:
>
> > I would like to constrain HTTP access (PUT, POST) to an NGINX
> > server
> > for specific locations.
> >
> > There are two cases:
> >
> > 1) Permit POST, PUT if the request matches a trusted IP address OR
> > Basic auth credentials (either-or)
> > 2) Permit POST, PUT if the request matches a trusted IP address AND
> > Basic auth credentials (must match both)
> >
> >
> > The configuration for (2) is appended. But how can I achieve (1)?
> > It
> > seems that "satisfy any" cannot be included with "limit_except".
>
> While the "satisfy" directive cannot be used in limit_except
> blocks, the value set in the enclosing location still applies.
> So, you can do something like this:
>
> location /b {
> satisfy any;
>
> limit_except GET {
> allow 127.0.0.0/8;
> auth_basic "closed";
> auth_basic_user_file .htpasswd;
> }
>
> ...
> }
>
> This will allow request from specified IP addresses or with
> appropriate authentication.
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic