On Wed, Sep 21, 2016 at 05:28:26PM -0400, c0nw0nk wrote: Hi there,
> Thanks for the information so based of what that resource says and from what > I understand surely that field should only say "anonymous" or "username" if > on those files / folders in my Nginx config I use "auth_basic" ? No. That variable has a value if the request includes the Authorization header that indicates Basic authentication. It has a value whether or not the password provided is correct. If you don't use auth_basic, or have not otherwise confirmed that the provided password is valid and matches the username provided, then you have no reason to believe that the provided name is "real". > Because I don't use auth_basic anywhere would anything bad happen if I did > the following. > > if($remote_user != "^$") { #Block requests where the user is not empty / > missing > return 444; > } "if" uses "=" for string match, and "~" for regex match. So your idea is sound, but the implementation is wrong. f -- Francis Daly fran...@daoine.org _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx