NGINX basic auth only for POST
5,829
You should use limit_except
:
limit_except GET HEAD {
auth_basic 'Restricted';
auth_basic_user_file /path/to/userfile;
}
It works since nginx 0.8.48, in older versions there was a bug where fastcgi_pass
was not inherited inside the limit_except block.
Author by
Adrian Heine
Software developer with a focus on web development. Currently into JavaScript, TypeScript, Rust and Node.js, extensive experience with PHP.
Updated on September 17, 2022Comments
-
Adrian Heine almost 2 years
I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over.
What I want to do is to just use basic auth on POST requests, so anyone have pull access, but only authenticated users can push.
I tried the following,
if ($request_method = POST) { auth_basic "Restricted"; auth_basic_user_file /path/to/userfile }
However it complains about "auth_basic directive is not allowed here".
How can I solve this?