Hi there,
I have the following rules in nginx:
    server {
        [...]
        include /usr/local/openresty/nginx/whitelist;
        deny all;
        location / {
            auth_basic "private";
            auth_basic_user_file /usr/local/openresty/nginx/htpasswd;
            rewrite_by_lua '
                if ngx.var.request_method == "POST" then
                    ngx.req.read_body()
                    local body = ngx.req.get_body_data()
                    if body then
                        local select = "keyword"
                        local match = ngx.re.match(body, select, "jo")
                        if not match then
                            ngx.exit(400)
                        end
                    end
                end
            ';
            proxy_pass http://backend;
        }
    }
The problem is that "deny all" and "auth_basic" come into effect only if the POST body contains the matching keyword. In other words, Lua matches first and, only if that is successful, will it then check if the IP is whitelisted or if the request contains auth_basic.
Which is weird; I would have expected the following flow:
1. check whitelist
2. check auth_basic
3. check Lua match
Instead it's:
1. check Lua match
2. check whitelist
3. check auth_basic
Is this normal or is there something wrong with my conf?
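
Added example, not part of the original post: nginx runs the rewrite phase before the access phase, and allow/deny and auth_basic are access-phase checks, so a rewrite_by_lua handler sees the request first. The variant below moves the same body check into access_by_lua_block, which lua-nginx-module runs at the end of the access phase, giving the order whitelist, auth_basic, Lua match. It assumes the default "satisfy all" and that the elided part of the server block is unchanged; rejecting a POST whose body is not in memory is an added, stricter choice than the posted code.

```nginx
server {
    # [...] remainder of the server block as in the post

    # Access phase, step 1: IP allow list (ngx_http_access_module)
    include /usr/local/openresty/nginx/whitelist;
    deny all;

    location / {
        # Access phase, step 2: HTTP basic authentication
        auth_basic "private";
        auth_basic_user_file /usr/local/openresty/nginx/htpasswd;

        # Access phase, step 3: the Lua handler runs after the two
        # standard access checks above, so unauthenticated or
        # non-whitelisted clients never reach the body inspection.
        access_by_lua_block {
            if ngx.var.request_method == "POST" then
                ngx.req.read_body()
                local body = ngx.req.get_body_data()

                -- get_body_data() returns nil for an empty body and also
                -- when the body was buffered to a temporary file (larger
                -- than client_body_buffer_size). Fail closed here so the
                -- keyword check cannot be skipped silently.
                if not body then
                    return ngx.exit(400)
                end

                -- "j" enables PCRE JIT, "o" caches the compiled pattern
                local m = ngx.re.match(body, "keyword", "jo")
                if not m then
                    return ngx.exit(400)
                end
            end
        }

        proxy_pass http://backend;
    }
}
```

With this layout a request from a non-whitelisted address gets 403 and a request without valid credentials gets 401 before any Lua code reads the body.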