That works wonderfully, thank you!
On May 27, 2024 6:48:40 AM UTC, J Carter <jordanc.car...@outlook.com> wrote:
>Hello,
>
>[...]
>
>> ```
>> The goal is to bypass SSO if a correct HTTP Basic Auth header is present
>> while making sure connections are only from said IPs.
>>
>> When I disable the IP check it works flawlessly. How could I separate these
>> requirements?
>>
>> So (SSO or Basic Auth) and Correct IP
>
>Just use the geo module and "if" to reject unwanted IPs.
>
>"If" is evaluated prior to access & post_access phases, where auth_basic
>and co are evaluated.
>
>geo $allowed_ip {
> xxx.xxx.xxx.xxx/24 1;
> default 0;
>}
>
>...
>
>location / {
> if ($allowed_ip = 0) {
> return 403;
> }
>
> ....rest of config without allow/deny.
>}
>_______________________________________________
>nginx mailing list
>nginx@nginx.org
>https://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
