
nginx auth_basic time limitation

I'm protecting my dev server using nginx and the auth_basic module, but I can't seem to find a way to specify the interval at which the 'authentication' expires.

I would like to be able to force nginx to ask for the password say every 6 hours. Is there a way to do that? If not, what is an acceptable workaround?

ergelo asked Nov 07 '11 09:11




2 Answers

It's probably not possible. There doesn't seem to be any documentation on the nginx HttpAuthBasicModule page to suggest that you can timeout Basic HTTP authentication.

The HTTP specification for Authorization headers also does not specify a timeout mechanism. I don't expect you'll be able to rely on basic authentication if you need timeouts, unless you're also fronting a web application.

If you're fronting a web application, you could maintain a session in a cookie and time out the session after a period of inactivity. When the session timeout finishes, use your web application to send the following headers:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic Realm="MyApp"

That will prompt the browser to ask for credentials again. If you need access to the user's identity in your web application, you should find it in the REMOTE_USER CGI environment variable.

To serve static assets efficiently using this technique, XSendfile might be useful.

Jonathan answered Oct 21 '22 17:10
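The session-cookie workaround described in the answer above, sketched as a small WSGI application that sits behind nginx's auth_basic. This is an added example, not code from the original answer; the cookie name, the signing key and the assumption that the front end passes REMOTE_USER through are all hypothetical.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # assumption: replace with a random secret
MAX_AGE = 6 * 3600                # the 6 hours asked for in the question
COOKIE = "auth_started"           # hypothetical cookie name
REALM = "MyApp"                   # realm used in the answer above

def sign(ts):
    """Return 'ts.mac' so the client cannot forge or extend the timestamp."""
    mac = hmac.new(SECRET, str(ts).encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"

def started_at(cookie_header):
    """Return the signed login time from a Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if COOKIE not in jar:
        return None
    value = jar[COOKIE].value
    ts = value.partition(".")[0]
    # Verify the MAC before trusting ts; compare as bytes, in constant time.
    if not hmac.compare_digest(sign(ts).encode(), value.encode()):
        return None
    return int(ts)

def decide(cookie_header, now):
    """Return (status, extra_headers) for a request nginx already authenticated."""
    ts = started_at(cookie_header)
    attrs = "Path=/; HttpOnly; Secure; SameSite=Lax"
    if ts is None:  # first visit, or first request after a re-prompt
        return "200 OK", [("Set-Cookie", f"{COOKIE}={sign(int(now))}; {attrs}")]
    if now - ts > MAX_AGE:  # expired: drop the cookie and challenge again
        return "401 Unauthorized", [
            ("WWW-Authenticate", f'Basic realm="{REALM}"'),
            ("Set-Cookie", f"{COOKIE}=; Max-Age=0; {attrs}")]
    return "200 OK", []

def app(environ, start_response):
    """WSGI entry point; REMOTE_USER is assumed to be set by the front end."""
    status, extra = decide(environ.get("HTTP_COOKIE"), time.time())
    body = f"{status} for {environ.get('REMOTE_USER', 'unknown')}\n".encode()
    start_response(status, [("Content-Type", "text/plain")] + extra)
    return [body]
```

Because the browser resends cached Basic credentials on its own, this only makes the password prompt reappear after the interval. A client that discards the cookie is treated as a fresh login on every request, so the credentials themselves never expire.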


If you are still looking for a solution to this issue, I believe HttpAuthDigestModule is what you are looking for.

I just found it today while surfing the Internet.

Here are the links:

http://wiki.nginx.org/HttpAuthDigestModule

https://github.com/samizdatco/nginx-http-auth-digest

Hopefully it helps you.

Sharuzzaman Ahmat Raslan answered Oct 21 '22 16:10