I have a special setup and need an exception from the basic auth configured just for one (sub-)path or source IP addresses.
Is it possible or could it be added as a new feature to the basic auth plugin?
Exceptions add complexity. How would you propose this work with the basicauth plugin?
Hi @matt
If it would add too much complexity, just forget my idea.
I try to get direct access for some source IP addresses to the /api path, but all users should be authenticated by basic auth, client cert, … Just to secure the web admin interface.
Any way / idea how to get something like that working? Another way could be a second reverse proxy and a rewrite from api subdomain to the /api path.
Okay. How much or what kind of complexity is still unclear, and I don’t want to dismiss the idea before then.
So you want all users who access /api to have client cert? Or basic auth? (or both?) But not the rest of the site. Right?
The API (/api) doesn’t support additional pre-auth (like basic auth or cert auth), because the backend uses token auth.
So I try to secure the web admin ("/"), but need an exception for the API path /api without any additional (reverse proxy) auth.
So basic auth required for all, but NO basic auth for path /api
A workaround could be an additional revproxy / vhost with a subdomain mapped to the API:
api.example.com → example.com/api as workaround if there is no “simple” solution to work with an exception.
I would use the subdomain and then just rewrite:
api.example.com {
    rewrite / example.com/api
}
Very simple compared to adding exception rules to the basic auth plugin.
I have created a new vhost with a different subdomain which proxies to the api backend server and access restriction by ipfilter.
Thanks!
You’re welcome! I’m glad that will work for you
I needed this functionality for a project of mine that has a Web App Manifest. I wanted the app to be behind basic auth but the manifest file must not be for it to be recognised.
I have simply amended the code and rebuilt from source, with the new (backwards compatible) syntax:
basicauth user pass {
    /
    not /manifest.json
}
Seems to work fine - the question is (@matt), should I go to the trouble of adding tests and submitting a pull request? I understand you not wanting to add complexity, so won’t bother if you don’t want this in mainline caddy. But I would be happy to if you did.
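As an added example (not Caddy's code and not the poster's patch), one way to evaluate the `not` syntax shown above in Go. The names `Rule`, `ParseRule`, `matchAny` and `RequiresAuth` are hypothetical, and matching on whole path segments with exemptions taking precedence is an assumption.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Rule holds protected prefixes and "not" (exempt) entries of one basicauth block (hypothetical type).
type Rule struct{ Protect, Exempt []string }

// ParseRule reads the lines between the braces of the block.
func ParseRule(block string) Rule {
	var r Rule
	for _, line := range strings.Split(block, "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[0] == "not" {
			r.Exempt = append(r.Exempt, f[1])
		} else if len(f) == 1 {
			r.Protect = append(r.Protect, f[0])
		}
	}
	return r
}

// matchAny matches on whole path segments, so "/api" covers "/api/v1" but not "/apiary".
func matchAny(p string, bases []string) bool {
	for _, b := range bases {
		b = strings.TrimSuffix(b, "/")
		if p == b || strings.HasPrefix(p, b+"/") {
			return true
		}
	}
	return false
}

// RequiresAuth decides for an already-decoded URL path. The path is cleaned
// first, so "." and ".." segments cannot stretch an exemption over other paths.
func (r Rule) RequiresAuth(reqPath string) bool {
	p := path.Clean("/" + reqPath)
	return matchAny(p, r.Protect) && !matchAny(p, r.Exempt)
}

func main() {
	r := ParseRule("/\nnot /manifest.json") // constructed sample: the block from the post
	for _, p := range []string{"/", "/manifest.json", "/manifest.json/../admin"} {
		fmt.Println(p, r.RequiresAuth(p))
	}
}
```

Only the exempt path itself skips authentication; everything else under `/`, including paths that merely start with the exempt string, still requires it.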