NGINX basic auth only for POST

Question

I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over.

What I want to do is to just use basic auth on POST requests, so anyone have pull access, but only authenticated users can push.

I tried the following,

if ($request_method = POST) {
  auth_basic "Restricted";
  auth_basic_user_file /path/to/userfile
}

However it complains about "auth_basic directive is not allowed here".

How can I solve this?

score 15 · Answer 1 · edited Feb 15 '18 at 13:11

15

You should use limit_except:

limit_except GET HEAD {
    auth_basic 'Restricted';
    auth_basic_user_file /path/to/userfile;
}

It works since nginx 0.8.48, in older versions there was a bug where fastcgi_pass was not inherited inside the limit_except block.

edited Feb 15 '18 at 13:11

rcoup

167
1
8

answered Mar 12 '11 at 13:47

Mitar

507
4
18

NGINX basic auth only for POST

1 Answers1

Linked