Restricting access with HTTP basic authentication

You can restrict access to resources by implementing username/password authentication using the “HTTP Basic Authentication” protocol.

For more information on configuring HTTP Basic Authentication please refer to the NGINX Plus Restricting Access with HTTP Basic Authentication documentation.

Uploading a password file

F5 NGINX as a Service for Azure (NGINXaaS) accepts a file containing usernames and passwords using any of the password types specified in the NGINX documentation. The password file can be uploaded as a “protected file” when creating or updating your NGINX configuration to protect the file’s contents from being read. The password file can alternatively be uploaded as a regular file.

Screenshot of the Azure portal showing the password file upload

If the file is protected, you need to submit the password file again when making changes to any part of the NGINX configuration.

Configuring NGINX Plus for HTTP basic authentication

Inside the location or server you are protecting, specify the auth_basic directive giving a name to the password-protected area. Specify the auth_basic_user_file directive referencing the password file.

location /protected {
    auth_basic           "Protected Area";
    auth_basic_user_file /opt/.htpasswd;

Submit the NGINX configuration to apply it. You should be prompted to log in when you access the protected location or server.

The NGINX worker processes will open the password file. You must place the password file in a directory the worker processes are allowed to read or else all authenticated requests will fail.
  • /opt
  • /srv
  • /var/www