0

The http block in nginx.conf contains the following:

auth_basic $development_exceptions;

In an included file the geo module is used to set the variable:

geo $development_exceptions {
     default "Not allowed.";

    1.2.3.4 "off";
}

The map module uses the user agent variable in the same included file:

map $http_user_agent $development_exceptions  { 
    default "Not allowed.";

    ~*(header-text) "off";
}

However, the setting of the development exceptions variable is competing, and so when the second code is applied the first code stops doing anything.

How can both strategies be combined? In this case it might not be possible to change nginx.conf.

Improve this question
4
  • So you expect a solution and you don't want to change nginx.conf which controls what happens? Commented Oct 6, 2017 at 18:04
  • The structure at the host is setup in such a way that the includes can be controlled but not nginx.conf. If the only way to do this is through nginx.conf, then I am interested in that solution as well, as I can make a request for it. Commented Oct 6, 2017 at 18:20
  • The parts that you posted, can they be edited to workout a solution? Are those both part of the includes or they are directly in nginx.conf? Commented Oct 6, 2017 at 18:24
  • They can be edited in any way, they are both part of the includes and not directly in nginx.conf Commented Oct 7, 2017 at 19:10

2 Answers 2

Reset to default
3
+50

Then you should try below approach

geo $development_exceptions_geo {
    default "Not allowed.";
    1.2.3.4 "off";
}

map $http_user_agent $development_exceptions_agent  { 
    default "Not allowed.";

    ~*(header-text) "off";
}

Now if you want to use or condition then you can do below

map $development_exceptions_agent$development_exceptions_geo $development_exceptions {
    ~off "off";
    default "Not allowed.";
}

If you want an and condition then you can do below

map $development_exceptions_agent$development_exceptions_geo $development_exceptions {
    ~offoff "off";
    default "Not allowed.";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Your 'or' code reads like xor. Correct? I will try your solution and get back to you.
I read it wrong. Your ~off is a regex and matches any 'off'. Thanks for the help.
0

I wanted to combine 'allowed IP-List' OR 'some User Agents' to bypass authentication, works:

geo $auth_geo {
    default "Authentication required";
    18.184.113.24 "off"; # pingdom
    35.158.65.6 "off";   # pingdom
    52.87.44.246 "off";  # url.thum.io
    52.44.29.90 "off";   # url2.thum.io
}

map $http_user_agent $auth_agent {
    default "Auth required";
    "~PingdomPageSpeed" "off";
    "~cutycapt" "off";
    "~Chrome-Lighthouse" "off";
}

map $auth_geo$auth_agent $auth {
    ~off "off";
    default "Not allowed.";
}

then use it similar to:

location ~ \.php$ {
    auth_basic $auth;
    auth_basic_user_file /etc/nginx/custom/website/htpasswd;
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass $phpupstream;
}

I do not know if auth_basic_user can maybe also a relativ path (?).

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.