That makes no sense.
Think about it. not remote_ip private_ranges
means effectively remote_ip public_ranges
. So applied to the handler, effectively: basicauth for public_ranges
.
If you remove the not
, then you’re making basicauth
apply to all private ranges. Which is the opposite of what you say you want.
You can’t just remove the not
because it’s “not working”. That’s not a solution.
Are you sure that the remote_ip
on the request you’re making actually is from a private IP? Check your access logs.
:80 {
@blocked {
not header_regexp User-Agent TestName1*|TestName2*
not remote_ip private_ranges
}
handle @blocked {
abort
}
handle {
@public not remote_ip private_ranges
basicauth @public {
USER PASS
}
reverse_proxy ip:port
}
}
You can just use private_ranges
, it’s a shortcut for all the CIDRs for private IPv4 and IPv6.