On Wed, Sep 21, 2016 at 05:28:26PM -0400, c0nw0nk wrote:
Hi there,
> Thanks for the information so based of what that resource says and from what
> I understand surely that field should only say "anonymous" or "username" if
> on those files / folders in my Nginx config I use "auth_basic" ?
No.
That variable has a value if the request includes the Authorization
header that indicates Basic authentication.
It has a value whether or not the password provided is correct.
If you don't use auth_basic, or have not otherwise confirmed that the
provided password is valid and matches the username provided, then you
have no reason to believe that the provided name is "real".
> Because I don't use auth_basic anywhere would anything bad happen if I did
> the following.
>
> if($remote_user != "^$") { #Block requests where the user is not empty /
> missing
> return 444;
> }
"if" uses "=" for string match, and "~" for regex match.
So your idea is sound, but the implementation is wrong.
f
--
Francis Daly fran...@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
