More Secure NGINX Authentication than auth_basic


Solution 1

NGINX has a digest authentication module: https://www.nginx.com/resources/wiki/modules/auth_digest/

Unlike basic authentication, digest authentication does not send user names and passwords in plain text over the internet.

If your site is SSL only, then basic authentication is probably fine. The SSL encrypts the entire session, including the user names and passwords.

Solution 2

Although the question is 2 years old, I would like to keep on answering it.

The page linked by the accepted answer (https://www.nginx.com/resources/wiki/modules/auth_digest/) is 11 years old and states itself that "... (it) is in need of broader testing before it can be considered secure enough for use in production."

A GitHub page (https://github.com/atomx/nginx-http-auth-digest) is also linked, and more recent advice (April 2017) of the authors may be found on it: "The module is currently functional but has only been tested and reviewed by its author. And given that this is security code, one set of eyes is almost certainly insufficient to guarantee that it's 100% correct."

So my conclusion is that the accepted answer gives a very interesting module which is unfortunately not advisable for securing sensitive data.


Author: Ryan Foley

Updated on September 18, 2022

Comments

  • Ryan Foley almost 2 years

    I've been trying to come up with the most secure method of authentication to my reverse proxy in NGINX. I've been using ngx_http_auth_basic_module so far without any issues, but there are apparently some glaring security implications with this setup. Most of these security concerns are not too big of an issue because my site is strictly operating with SSL. I'd still like to secure it as much as possible.

    Are there any alternative, superior authentication mechanisms for NGINX?

    I'm open to anything; this is not a public service.