Let, you want to protect a page or any site in nginx by certain IP addresses access only. How would you do it in nginx? I will discuss some cases here about the situation.

You can give access to certain IP’s only by using:

But somehow you need to give access outside world too for collaborations and their IP is not static or fixed. So, you can not allow all IP’s, what would you do?

You can use “satisfy any” tag to do something as: First check if the user is from white-list ip, If yes then obviously he/she can access it. But the ip is not in white-list then it will ask user:password to access the site. You can do this by:

By the way, If you use nginx in front of tomcat loading spring security application then password will be asked repetitively which is frustrating. You need to pass blank authorization header.

As an example:

That is it. Thank you.

• nginx
• nginx proxy auth
• nginx proxy spring security basic auth
• satisfy any
• spring security and basic auth