Some cool extensions with HTTP Basic Authentication

Yubraj Ghimire
Jul 8, 2020 · 3 min read

Earlier, I explained username/password authentication, which authenticates users before serving content. This time, let's check out a few cool extensions to basic authentication: combining it with IP address restrictions, applying it to specific URLs, and cookie handling.

Prerequisites

  • The password file is already created (htpasswd)
  • username/password authentication is already working

Basic Authentication together with Access Restriction by IP address

Restricting access by IP address together with HTTP basic authentication is also achievable with a little configuration. Let's see how in the following two cases.

Case 1: Allowing access to the user with a valid username/password as well as with a valid IP Address

This example shows a combined use of HTTP basic authentication and IP restriction, where satisfy all means that the user has to satisfy both conditions to pass authentication. It grants access to the 192.168.1.1/24 network, excluding the 192.168.1.1 address.

Case 2: Allowing access to the user either with a valid username/password or with a valid IP address

satisfy any denotes that the user has to satisfy at least one condition to pass the authentication.

Takeaway points

  • The allow and deny directives will be applied in the order they are defined.
  • satisfy all denotes that the user has to satisfy all conditions whereas satisfy any denotes that the access is granted if the user satisfies at least one condition.

Basic Authentication for specific URLs

It is also possible to apply authentication rules to a specific URL instead of to all URLs.

This example shows that the basic authentication only applies to /api and the rest of the URLs are freely accessible.

Basic Authentication together with Cookie and IP address for specific URL (Final episode 😜)

This example grants users access to /api if they come from a valid network or have the specified cookie (bettercallsaul) set. If neither condition is satisfied, it shows the basic authentication dialog, and it sets the cookie once the user has access.
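An added example (not the author's original configuration) of the setup described above: geo and map decide whether basic authentication applies to /api. The networks, cookie value, htpasswd path, server name, certificate paths and backend address are assumptions.

```nginx
# Added example; place inside the http {} context (e.g. a conf.d/*.conf file).
# Networks, cookie value, paths, server name and backend are placeholders.

# geo: client address ($remote_addr) -> 1 if it is in a trusted network.
geo $from_trusted_net {
    default          0;
    192.168.1.0/24   1;   # constructed sample network
    10.0.0.0/8       1;   # constructed sample network
}

# map: value of the "bettercallsaul" cookie -> 1 only on an exact match.
map $cookie_bettercallsaul $has_pass_cookie {
    default                      0;
    "REPLACE_WITH_RANDOM_VALUE"  1;   # placeholder secret
}

# Combine both flags. Any "1" in the two-character string ("10", "01", "11")
# turns basic auth off; "00" keeps the realm, so the login dialog is shown.
map "$from_trusted_net$has_pass_cookie" $api_auth_realm {
    default  "Restricted API";
    ~1       off;
}

server {
    listen 443 ssl;
    server_name example.test;                         # placeholder
    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder

    # Everything outside /api stays freely accessible.
    location / {
        root /var/www/html;
    }

    location /api {
        # auth_basic accepts a variable; the special value "off" disables it.
        auth_basic           $api_auth_realm;
        auth_basic_user_file /etc/nginx/.htpasswd;    # assumed path

        # Without "always", add_header only applies to success/redirect
        # responses, so the 401 challenge does not hand out the cookie.
        add_header Set-Cookie "bettercallsaul=REPLACE_WITH_RANDOM_VALUE; Path=/api; Secure; HttpOnly; SameSite=Strict";

        proxy_pass http://127.0.0.1:8080;             # hypothetical backend
    }
}
```

The cookie value acts as a shared secret that skips the password prompt, so generate a long random value and only send it over TLS. Behind a reverse proxy, $remote_addr is the proxy's address unless the realip module is configured, which would make the geo check match the proxy instead of the client.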

Takeaway points

  • map is an extremely flexible and powerful module in Nginx configuration. It allows creating variables whose values depend on the values of other variables.
  • The geo module behaves the same way in terms of input and output variables, but it is based on the client IP address.

Last but not least, don't forget to apply your configuration changes.

Conclusion

Well, that's it. That was a simple implementation of basic authentication together with IP restriction, cookie handling, and URL-specific configuration, using powerful directives like geo and map.

I hope this post helped you! 👊

Etribes Tech
