Perhaps this is not possible. There is no documentation on the nginx HttpAuthBasicModule page to suggest that you can disable basic HTTP authentication.
The HTTP specification for Authorization headers also does not define a timeout mechanism. I do not expect that you will be able to rely on basic authentication if you need timeouts, unless you also come across a web application.
If you are working with a web application, you can maintain the session in a cookie and exit the session after a period of inactivity. When the session timeout ends, use the web application to send the following headers:
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Basic Realm="MyApp"
This will force the browser to request credentials again. If you need access to the user ID in your web application, you must find it in the REMOTE_USER CGI environment variable.
For efficient use of static assets using this technology, XSendfile can be useful.
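The cookie-plus-401 approach described in the answer above, sketched as WSGI middleware. This is an added example, not code from the original answer. The names `IdleTimeout`, `SECRET`, `IDLE_LIMIT` and the `last_seen` cookie are hypothetical, and it assumes the front-end server has already verified the Basic credentials and passes the user in `REMOTE_USER`.

```python
import hashlib, hmac, time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"   # assumption: load a real key from configuration
IDLE_LIMIT = 900                   # assumption: 15 minutes of inactivity
COOKIE = "last_seen"               # hypothetical cookie name

def make_token(user, ts):
    """Return 'ts.mac', binding the last-activity time to the authenticated user."""
    mac = hmac.new(SECRET, f"{user}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"

def read_token(user, token):
    """Return the timestamp if the token is authentic for this user, else None."""
    ts = token.partition(".")[0]
    if ts.isascii() and ts.isdigit():
        expected = make_token(user, int(ts)).encode()
        if hmac.compare_digest(expected, token.encode()):
            return int(ts)
    return None

class IdleTimeout:
    """WSGI middleware: answer 401 once the session has been idle too long."""
    def __init__(self, app, clock=time.time):
        self.app, self.clock = app, clock

    def __call__(self, environ, start_response):
        user = environ.get("REMOTE_USER", "")   # set by the front-end server
        now = int(self.clock())
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        last = read_token(user, jar[COOKIE].value) if COOKIE in jar else None
        if last is not None and now - last > IDLE_LIMIT:
            # Idle too long: drop the cookie and make the browser prompt again.
            start_response("401 Unauthorized", [
                ("WWW-Authenticate", 'Basic realm="MyApp"'),
                ("Set-Cookie", f"{COOKIE}=; Max-Age=0; Path=/; HttpOnly"),
                ("Content-Length", "0")])
            return [b""]
        # Active (or new) session: pass through and slide the timestamp forward.
        fresh = f"{COOKIE}={make_token(user, now)}; Path=/; HttpOnly; Secure"
        def refresh(status, headers, exc_info=None):
            return start_response(status, headers + [("Set-Cookie", fresh)], exc_info)
        return self.app(environ, refresh)
```

The Basic credentials themselves never expire, so this only re-prompts browsers that keep the cookie; a client that discards the cookie simply starts a new session with the same credentials.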