'Stop password sharing with nginx

Would it be possible to prevent password sharing with nginx? I'd be using nginx and http based authentication to password protect a directory. I'd like to limit the number of IP numbers per user/pass combination and looking for a good strategy.

nginx

Solution 1:^[1]

You could restrict it by IP:

server {

....

location / {
        root   /var/www-data/restrictedfolder
        index  index.php;
        allow XX.XX.XX.XX; # Work
        allow ZZ.ZZ.ZZ.ZZ; # Work backup
        allow YY.YY.YY.YY; # Tim's Home
        deny all;
    }
....

}

So they need an approved IP and valid credentials.

Solution 2:^[2]

Nginx cant do this out of the box. Also, keep in mind people's IP address sometimes change for legitimate reasons. You cont really want to kick someone off, just because their router restarted.

To do this well, you need to track a variety of data sources. Cookies can help, but have their own challenges.

Userwatch is an API that can do all of this well.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution	Source
Solution 1	Sterling Hamilton
Solution 2	Stephen

'Stop password sharing with nginx

Solution 1:[1]

Solution 2:[2]

Sources

Related Questions

Solution 1:^[1]

Solution 2:^[2]