I am trying to use a web app which allows me to upload and share files via a download link. I want the upload section to be accessed via authenticated users only, and download links to be accessible by public users. All download links have /download in the URL and the below configuration works for the most part. Authnetik is being used for the authentication requests.
location / {
auth_request ...;
...
}
location /download/ {
...
}
Due to the way the web app is written, there is a link presented to the user after a download is complete which redirects to root site. For some reason when accessing the root via this link, the auth_request is ignored and the public user is able to access the upload page.
The following bit works fine as intended:
- example.com > Requires authentication
- example.com/download/* > Does not require authentication and is accessible by public users
When accessing example.com/download/ there is a link back to example.com which will load without an authentication request when accessed this way. If send.example.com is accessed directly by typing the URL in the browser, the authentication request is required.
As the web app itself is a docker container I would like to try and fix this without having to change the content of the page itself i.e. not by removing the links. Is there any configuration I can do in Nginx to force authentication requests on these links?
