Excluding locations from access_by_lua

david.richardson · 2015-07-25T01:26:15+00:00

thanks for pointing me in the right direction :)On Friday, July 24, 2015 at 11:01:06 PM UTC+10, agentzh wrote:Hello! On Fri, Jul 24, 2015 at 1:27 PM, Centmi...

Excluding locations from access_by_lua

david.richardson

I have an access_by_lua_file applied at the server level and now need to exclude certain locations. We are using basic authentication.

First attempt is setting 'auth_basic off;' in those location blocks and testing 'if ngx.var.auth_basic' in access_by_lua_file but this isn't working.

The intention is to explicitly exclude authentication in specific locations.

Is there a preferred approach to this problem?

And if not, what is the correct syntax for testing the auth_basic setting in the access_by_lua_file?

david

agentzh

Hello!

On Sat, Jul 25, 2015 at 1:26 AM,  <david.r...@enquora.com> wrote:
> I have an access_by_lua_file applied at the server level and now need to
> exclude certain locations. We are using basic authentication.

Well, you can just add the following stub

    access_by_lua return;

to those locations you want to exclude to override the settings on the
server {} level.

> First attempt is setting 'auth_basic off;' in those location blocks and
> testing 'if ngx.var.auth_basic' in access_by_lua_file but this isn't
> working.

This won't work because the ngx_auth_basic module never exports any
builtin nginx variables, not to mention $auth_basic. See

http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html

I wonder where this $auth_basic thing comes from.

BTW, it's a generally a bad idea to use access_by_lua on the server {}
level since you have to be very careful about which locations to
exclude, including those used for "error_page" settings.

Regards,
-agentzh

david.richardson

Well, you can just add the following stub
access_by_lua return;

Simple and effective.

Thks.