NGINX: How to allow full access if a certain HTTP header is set, else trigger HTTP Basic Authentication

Question

As the question implies I want to allow full access to my website if the X-Auth HTTP header is set and contains a specific string. If this is not the case, HTTP basic authentication should be triggered. Something like this:

if ($http_x_auth = "some_string") {
  allow access;
} else {
  auth_basic "Authentication";
  auth_basic_user_file /etc/nginx/security_http_basic_auth_file;
}

Unfortunately NGINX does not allow if else statements. Does anyone have an idea how this could be done?

`if-else` is useless in this case, juste invert your condition and request basic auth if the header doesn't match the string. — Ginnungagap, Oct 14 '20 at 07:24
@Ginnungagap Thanks, but you can not use any basic auth statements within the NGINX if statement, I forgot to mention that. — manifestor, Oct 14 '20 at 07:51
Manifestor were you able to take a look at my solution using "map" below? — ampularius, Jun 22 '23 at 09:32

score 0 · Answer 1 · edited Oct 27 '20 at 13:04

0

You could probably do it with map.

In the http block:

map $http_x_auth $has_basic_auth {
    "some_string" no_basic_auth;
    default with_basic_auth;
}

In your location block:

try_files nonexistent @$has_basic_auth;

And then add two named locations:

location @no_basic_auth {
    # insert your config
}
location @with_basic_auth {
    # insert your config with basic auth
}

edited Oct 27 '20 at 13:04

anx

8,963
5
24
48

answered Oct 14 '20 at 14:15

ampularius

101
3

@manifestor were you able to resolve your issue with this? – ampularius Feb 23 '21 at 19:18

NGINX: How to allow full access if a certain HTTP header is set, else trigger HTTP Basic Authentication

1 Answers1