[Nginx] How to Exclude Specific URLs from Basic Authentication
I’ll introduce how to exclude specific URLs from Basic authentication in Nginx.
To exclude specific locations from Nginx Basic authentication, write a configuration file like the following:
# /usr/local/nginx/conf/yourdomain.example.com.conf
server {
listen 80;
# Basic authentication settings
auth_basic "auth";
auth_basic_user_file /path/to/.htpasswd;
root /path/to/root;
# Settings to exclude from Basic authentication
location /path/to/exception {
satisfy any;
allow all;
}
}
Alternatively, you can take an approach where you write to a file called bypass_basic_auth_locations and include it as follows:
# bypass_basic_auth_locations
location /css {
satisfy any;
allow all;
}
location /img {
satisfy any;
allow all;
}
location /js {
satisfy any;
allow all;
}
# /usr/local/nginx/conf/yourdomain.example.com.conf
server {
listen 80;
# Basic authentication settings
auth_basic "auth";
auth_basic_user_file /path/to/.htpasswd;
root /path/to/root;
# Settings to exclude from Basic authentication
include bypass_basic_auth_locations;
}
That’s all about excluding specific directories from Basic authentication in Nginx from the Gemba.