Allow IP addresses to bypass authentication in Nginx auth_request module

Asked Dec 16 '20 at 00:58

Active Dec 16 '20 at 17:56

Viewed 928 times

I have a config like below. I would like to allow a list of IPs to bypass authentication.

server {
 listen 80;

 server_name test2.example.com;
 add_header Strict-Transport-Security max-age=2592000;

  location = /oauth2/auth {
      internal;
      proxy_pass http://oauth.example.com:4180;
  }

  location /oauth2/ {
      proxy_pass http://oauth.example.com:4180;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Scheme $scheme;
  }

  location / {
    auth_request /oauth2/auth;
    error_page 401 = /oauth2/start?rd=$request_uri;
    proxy_pass https://test.example.com;
  }
}

I have tried adding this above auth_request but that doesn't seem to help. I can see in the logs that the request is coming from whitelisted IPs.

satisfy all;
allow 10.0.0.0/16;
allow 56.56.56.56/28;
deny all;

Update: Modifying satisfy all to satisfy any fixed the bypassing for IP addresses.

edited Dec 16 '20 at 17:56

asked Dec 16 '20 at 00:58

pdna

3

Try: `satisfy any;` instead of `satisfy all;` - see [this document](http://nginx.org/en/docs/http/ngx_http_core_module.html#satisfy). – Richard Smith Dec 16 '20 at 08:34
@RichardSmith that worked. thank you so much! – pdna Dec 16 '20 at 13:35

Allow IP addresses to bypass authentication in Nginx auth_request module

0 Answers0