Closed passie closed 6 years ago
This works for me:
location /test.html {
    satisfy any;
    allow 8.8.8.8/32; # My IP
    auth_digest_user_file /some/path/to/.htpasswd;
    auth_digest 'test';
    deny all;
}
Are you sure you compiled nginx including the module? How exactly is it failing?
If I connect from, let's say, 8.8.8.8 I get passed; when connecting from a different IP I get prompted with a password prompt as designed. Though after logging in I get a 403 Forbidden. 7234#0: *150614 access forbidden by rule, client: 185.137.18.146
Should both auth_digest_user_file & auth_digest be placed in the location {} block or could they also be placed at server {} level? The module is compiled correctly with --add-module=mod-ext/http_auth_digest_nginx_module
Only auth_digest 'test'; is needed in the location block.
Which version of nginx are you using?
nginx version: nginx/1.11.10
Was just thinking that for my current nginx config, I have set the auth_digest_user_file & auth_digest at server level, since the location block doesn't need to be secured. Could this be the problem? Is location {} + auth_digest mandatory in order for digest to work?
It only seems to work sometimes for me now. Don't really see a pattern yet but I'm working on it.
This config works for me within the location or server block.
satisfy any;
allow 8.8.8.8/32; # My IP
auth_digest_user_file /some/path/to/.htpasswd;
auth_digest 'test';
deny all;
But I did notice one weird thing. If I have a URL like example.com/index.php?foo=bar it works. But when I access the same page using example.com/?foo=bar it stops working. Even though index index.php is set. This module still allows the request but something weird with the satisfy prevents it after that for some reason. But this happens somewhere outside of this module so there is nothing I can do about that.
One other minor issue I found is that if you set allow to your IP the requests are still sent to this module. But seeing as no data is entered it will always just count towards the evasions, making the IP be blocked completely by this module. But seeing as the IP is in the allow the user should never notice this. And seeing as this module can't know about the allow or satisfy there also isn't anything we can do about this.
I'm playing around with this module but I'm unable to get this working with satisfy any.
satisfy any;
include /access/ip_list;
auth_digest_user_file /access/passwd.digest;
auth_digest 'secret';
deny all;
Is this supported in this version?
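Added example, not part of the original thread and not the module's code: a simplified Python model of how nginx core's access phase combines handler results under satisfy any, showing when the 403 with "access forbidden by rule" quoted in the thread is produced. The return codes given to the digest handler in the sample scenarios are assumptions, not taken from the module's source.

```python
# Simplified model of nginx core's access phase with "satisfy any".
# Only the four handler results below are modelled; other codes (errors)
# end the request immediately in nginx and are left out here.
DECLINED, OK, FORBIDDEN, UNAUTHORIZED = "declined", "ok", 403, 401


def access_phase_any(results):
    """results: handler return codes in the order the handlers run.
    Returns (status, error_log_line); status 200 means the request goes on."""
    access_code = 0
    for rc in results:
        if rc == DECLINED:        # handler has no opinion, try the next one
            continue
        if rc == OK:              # one OK is enough; earlier refusals are
            return 200, None      # dropped and later handlers are skipped
        # Remember the refusal. A stored 401 is never replaced by a 403,
        # so a pending password prompt wins over an IP deny.
        if access_code != UNAUTHORIZED:
            access_code = rc
    if access_code == FORBIDDEN:  # written by the post-access phase
        return 403, "access forbidden by rule"
    if access_code:
        return access_code, None
    return 200, None


# Constructed scenarios. Order assumed: digest handler first, then allow/deny,
# matching the remark that allowed IPs still reach the digest module.
SCENARIOS = {
    "allowed IP, no credentials":        [UNAUTHORIZED, OK],
    "other IP, no credentials":          [UNAUTHORIZED, FORBIDDEN],
    "other IP, credentials accepted":    [OK, FORBIDDEN],
    "other IP, digest handler declines": [DECLINED, FORBIDDEN],
    "other IP, digest handler forbids":  [FORBIDDEN, FORBIDDEN],
}

if __name__ == "__main__":
    for name, results in SCENARIOS.items():
        status, log = access_phase_any(results)
        print(f"{name:36} -> {status} {log or ''}")
```

In this model the 403 with that log line appears only when no handler returned OK or 401, which is the case to check for when a client is rejected after entering valid credentials.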