Hello,
[...]
> ```
> The goal is to bypass SSO if a correct HTTP Basic Auth header is present
> while making sure connections are only from said IPs.
>
> When I disable the IP check it works flawlessly. How could I separate these
> requirements?
>
> So (SSO or Basic Auth) and Correct IP
Just use the geo module and "if" to reject unwanted IPs.
"If" is evaluated prior to access & post_access phases, where auth_basic
and co are evaluated.
geo $allowed_ip {
xxx.xxx.xxx.xxx/24 1;
default 0;
}
...
location / {
if ($allowed_ip = 0) {
return 403;
}
....rest of config without allow/deny.
}
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
