Basic authentication for everyone except localhost in nginx
- 25 Aug 2018: Post was created (diff)
Introduction
I have a shop order system where some admin pages are password protected using HTTP Basic Auth in nginx. Now I want to have a monitoring daemon accessing the admin pages without it having to authenticate itself.
- The monitoring daemon will be running on localhost
- If the request comes from the loopback device, i.e.
127.0.0.1, allow without authentication - For all other remote addresses require valid credentials with HTTP Basic Auth
location /admin {
satisfy any;
allow 127.0.0.1;
deny all;
auth_basic "r u l33t f00di3?";
auth_basic_user_file /srv/foodshop-tesoro/.htpasswd;
}
The clue here is the satisfy directive, which can be
either all or any. Setting any in this case forces the request to either
stem from localhost, or to be authenticated using auth_basic.
References
- https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
If you have any comments or feedback, please send me an e-mail. (stig at stigok dotcom).
Did you find any typos, incorrect information, or have something to add? Then please propose a change to this post.