combination of restricted IP and basic auth for AWS LB in NGINX


Hello, I have an Nginx web server behind an AWS Application LB. As it is only a staging server, I would like to restrict access as follows:

1. **Only some IP addresses are allowed.**
2. **Username/password in an htpasswd file**

If a visitor's IP is outside the IP range (1), a username and password will be required. I have already defined these restrictions in NGINX as:

```nginx
location / {
    # IP restriction first, then basic auth if the IP is not matched
    include access_rules.conf;
    try_files $uri @prerender;
}
```

and a file access_rules.conf as follows (the file is empty in prod, but has the content below for staging, as I want the restriction only in staging):

```nginx
set_real_ip_from  [AWS LB Range];
set_real_ip_from  aaa.bbb.ccc;
real_ip_header    X-Forwarded-For;
real_ip_recursive on;
satisfy  any;
allow aaa.bbb.ccc;
# Deny all other IP addresses
deny all;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd.conf;
```

However, it seems that the config for allowed IP addresses does not work, as I still have to enter the username/password even when I access from an allowed IP address. I could see a 401 in the log when I accessed the page using a curl command from IP aaa.bbb.ccc (the `$http_x_forwarded_for` log value):

```
[LB IP] - - [30/Oct/2023:07:21:48 +0000] "GET / HTTP/1.1" 401 172 "-" "curl/7.81.0" "aaa.bbb.ccc, [LB IP]"
[LB IP] - - [30/Oct/2023:07:21:48 +0000] "GET / HTTP/1.1" 401 172 "-" "curl/7.81.0" "aaa.bbb.ccc"
```

Could you please help? (I know how to do this for Apache but am stuck with nginx.)

Note: When I removed the two lines at the bottom,

```nginx
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/htpasswd.conf;
```

I got a 403 error even when I access from the IP aaa.bbb.ccc. I think there is something strange here.

Many thanks

son
Asked 7 months ago, viewed 99 times
No answers
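
An added example, not part of the original question and not nginx's own code: a simplified Python model of how `set_real_ip_from` / `real_ip_recursive` pick the client address out of `X-Forwarded-For` and how `satisfy any` then chooses the status. The addresses are constructed stand-ins for the question's placeholders, and `real_ip`, `status` and `run` are hypothetical names.

```python
import ipaddress

def real_ip(peer, xff, trusted, recursive=True):
    """Simplified model of the realip module: the address allow/deny will see."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    def is_trusted(a):
        return any(ipaddress.ip_address(a) in n for n in nets)
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    addr = peer
    # Walk X-Forwarded-For right to left while the current address is a trusted proxy.
    while hops and is_trusted(addr):
        addr = hops.pop()
        if not recursive:
            break
    return addr

def status(addr, allow, auth_configured, creds_ok=False):
    """Model of `satisfy any` with allow/deny all plus optional auth_basic."""
    ip_ok = any(ipaddress.ip_address(addr) in ipaddress.ip_network(a) for a in allow)
    if ip_ok or (auth_configured and creds_ok):
        return 200  # passes the access phase
    return 401 if auth_configured else 403

# Constructed sample values (assumptions, not from the page):
CLIENT = "203.0.113.10"             # stands in for aaa.bbb.ccc
LB = "10.0.1.5"                     # stands in for [LB IP]
TRUSTED = ["10.0.0.0/16", CLIENT]   # stands in for the two set_real_ip_from lines
XFF_SEEN = [f"{CLIENT}, {LB}", CLIENT]  # the two header values shown in the log

def run(trusted, auth_configured):
    """Status for each logged header value; the TCP peer is always the LB."""
    return [status(real_ip(LB, x, trusted), [CLIENT], auth_configured)
            for x in XFF_SEEN]

if __name__ == "__main__":
    print("real-ip rules applied, auth on :", run(TRUSTED, True))
    print("real-ip rules ignored, auth on :", run([], True))
    print("real-ip rules ignored, auth off:", run([], False))
```

In this model both logged header values resolve to the client address and pass when the real-ip rules are applied. The reported 401, and the 403 once `auth_basic` is removed, come out only when the address compared by `allow` is still the load balancer's, which is consistent with `[LB IP]` appearing in the first log field.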