linuxserver / docker-swag

Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
https://docs.linuxserver.io/general/swag
GNU General Public License v3.0
2.79k stars 239 forks

[FEAT] Templated local network bypass for Authentik #499

Open brianramseyau opened 3 weeks ago

brianramseyau commented 3 weeks ago

Is this a new feature request?

Wanted change

Provide the ability for users to bypass Authentik authentication within their local network, as a part of the proxy location configuration.

Reason for change

Doing a quick web search shows up a tonne of people who get frustrated and go to a/revert to a different service (like Authelia) as they cannot work out how to bypass the authentication inside their local network.

You cannot effectively do this in Authentik's configuration in the same way as you can in Authelia's policy.

Proposed code change

I've added this code block, above the auth_request section of authentik-location.conf and it works well. Perhaps it could be added commented out or wrapped in a conditional.

...
## Bypass Authentik for local networks
## Allow multiple rules blocks defined here to work in an "OR" fashion
satisfy any;
## Bypass auth_request for RFC1918 / local networks (see https://datatracker.ietf.org/doc/html/rfc1918)
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
...
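
An added example, not part of the issue or of the SWAG project's code: a small Python model of how the posted allow/deny block combines with satisfy any, to check which connection source addresses would skip Authentik. The function names are hypothetical and the sample addresses are constructed; nginx matches these rules against the address it sees for the connection, so a proxy or container hop inside these ranges matches too.

```python
import ipaddress

# The allow/deny lines from the posted snippet, in order.
RULES = """
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
"""

def parse_rules(text):
    """Parse nginx access-module lines into (action, network or None for 'all')."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";")
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            continue  # skip blanks, comments and other directives
        net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
        rules.append((parts[0], net))
    return rules

def access_decision(rules, client_ip):
    """First matching rule wins; None means no rule matched."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action
    return None

def needs_authentik(rules, client_ip):
    """Under 'satisfy any', only an explicit allow skips auth_request."""
    return access_decision(rules, client_ip) != "allow"

# Constructed sample addresses (the source address nginx sees).
SAMPLES = {
    "192.168.1.50": "LAN client",
    "203.0.113.7": "internet client (documentation range)",
    "172.17.0.1": "Docker default bridge gateway, inside 172.16.0.0/12",
    "172.32.0.1": "just outside 172.16.0.0/12",
}

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip, label in SAMPLES.items():
        verdict = "Authentik required" if needs_authentik(rules, ip) else "bypass"
        print(f"{ip:15} {label:52} {verdict}")
```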

github-actions[bot] commented 3 weeks ago

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.