Access control by user agent #4803
bgh-github started this conversation in Ideas
Wanted to float an idea I've had in the back of my mind for a while that could improve flexibility for access control rules and potentially simplify config. Hopefully I'm not missing anything major here.
Would it be possible to implement a new type of access control rule with respect to the client's user agent? This could work similarly to domains, allowing for basic pattern matching.
A couple of scenarios where this could be useful:
curl
This also assumes the requests cannot already be differentiated by other means like a specific method, resource path or query string.
Currently, the solution I've been running with is:
In Authelia config
In the proxy (NGINX) config
Any case where the access policy must be set to the lowest common denominator isn't ideal, and incorporating user agent into the ruleset could help avoid this.
One downside is user agent is a relatively weak control that can be more easily spoofed than something like an (internal) IP address. Therefore, it wouldn't be advisable to use as the sole condition for bypass policies.
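Added example, not part of the original post and not Authelia's code: a simplified Python model of first-match rule evaluation with a hypothetical `user_agents` condition next to domain and network matching, plus a check that flags bypass rules relying on the User-Agent alone. The `Rule` fields, function names and sample rules are constructed for illustration.

```python
import fnmatch
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    domain: str                  # glob pattern, e.g. "*.example.com"
    policy: str                  # bypass | one_factor | two_factor | deny
    networks: list = field(default_factory=list)     # CIDR strings
    user_agents: list = field(default_factory=list)  # hypothetical condition: globs

def matches(rule, host, client_ip, user_agent):
    """Every condition a rule sets must match; unset conditions match anything."""
    if not fnmatch.fnmatchcase(host.lower(), rule.domain.lower()):
        return False
    ip = ipaddress.ip_address(client_ip)
    if rule.networks and not any(ip in ipaddress.ip_network(n) for n in rule.networks):
        return False
    if rule.user_agents and not any(
        fnmatch.fnmatchcase(user_agent, p) for p in rule.user_agents
    ):
        return False
    return True

def decide(rules, host, client_ip, user_agent, default="deny"):
    """First matching rule wins; fall back to the default policy."""
    for rule in rules:
        if matches(rule, host, client_ip, user_agent):
            return rule.policy
    return default

def weak_bypass_rules(rules):
    """Bypass rules whose only narrowing condition is the spoofable User-Agent."""
    return [r for r in rules
            if r.policy == "bypass" and r.user_agents and not r.networks]

# Constructed sample rules: curl from the internal range skips auth,
# everything else on the same host needs two factors.
RULES = [
    Rule("api.example.com", "bypass",
         networks=["10.0.0.0/8"], user_agents=["curl/*"]),
    Rule("api.example.com", "two_factor"),
]

if __name__ == "__main__":
    print(decide(RULES, "api.example.com", "10.1.2.3", "curl/8.5.0"))
    print(decide(RULES, "api.example.com", "203.0.113.7", "curl/8.5.0"))
    print(weak_bypass_rules([Rule("x.example.com", "bypass", user_agents=["curl/*"])]))
```

Because the bypass rule also requires an internal source network, a request that only copies the `curl` User-Agent from outside that range falls through to `two_factor`.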