HA Proxy: Omit basic auth for specific URIs

haproxyhttp-basic-authentication

Given a userlist such…

userlist UsersAuth
  group admin users foo
  user foo insecure-password bar

And a backend containing this…

acl AuthOkay_Web http_auth(UsersAuth)
  http-request auth realm AuthYourself if !isOptions !AuthOkay_Web

How can I specify one or more URIs that DO NOT require basic auth?

So, given…

https://example.com/a
https://example.com/baz
https://example.com/c
https://example.com/d

Let's assume that I want /baz to get a free pass.

Is this doable?

Best Answer

Using the ACL documentation at https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.1.3, I came up with this...

  acl url_static path_beg /baz
  acl AuthOkay_Web http_auth(UsersAuth)
  http-request auth realm AuthYourself if !isOptions !url_static !AuthOkay_Web

Related Solutions

NGINX basic auth only for POST

You should use limit_except:

limit_except GET HEAD {
    auth_basic 'Restricted';
    auth_basic_user_file /path/to/userfile;
}

It works since nginx 0.8.48, in older versions there was a bug where fastcgi_pass was not inherited inside the limit_except block.

Nginx – How to disable http basic auth in nginx for a specific ip range

Use satisfy directive to allow access. 32934 is facebook autonomous system, look facebook ip.

satisfy  any;
allow 66.220.144.0/20;
allow 66.220.152.0/21;
allow ...
deny   all;

auth_basic            "closed site";
auth_basic_user_file  conf/htpasswd;

Best Answer

Related Solutions

NGINX basic auth only for POST

Nginx – How to disable http basic auth in nginx for a specific ip range

Related Topic