authelia: Simple access control rules doesn't work as expected
Bug Report
Hi, I just want to apply simple access control rules on a domain but it mysteriously does not work.
Test 1
First, here is the default policy:
access_control:
  default_policy: deny
Here are the rules:
  rules:
    - domain: wiki.domain.tld
      ressources:
        - "^/xxx"
      policy: one_factor
    - domain: wiki.domain.tld
      policy: bypass
If I visit wiki.domain.ltd, I’m redirected to the login page; it is not the expected behaviour.
Expected Behaviour
Home page should display!
Test 2
If I change the policy of the first rule like this:
  rules:
    - domain: wiki.domain.tld
      ressources:
        - "^/xxx"
      policy: bypass
    - domain: wiki.domain.tld
      policy: bypass
Now, the wiki.domain.ltd page is displayed! What happens?? I’m very confused about this.
Expected Behaviour
Home page should not display!
Test 3
Even more surprising… if I now change the policy of the second rule like this:
  rules:
    - domain: wiki.domain.tld
      ressources:
        - "^/xxx"
      policy: bypass
    - domain: wiki.domain.tld
      policy: one_factor
Whaaat?? The wiki.domain.ltd page is still displayed! It is not the expected behaviour at all!
Expected Behaviour
Home page should not display!!!
Additional Information
Authelia docker image: authelia/authelia:4.33.1
Traefik docker image: traefik:2.5.6
Any ideas?
About this issue
- State: closed
- Created 2 years ago
- Comments: 20 (8 by maintainers)
It does for most things; it should check ACLs, but for some reason I guess it didn’t. I will double-check why this is, but I suspect it’s a list-of-struct issue, which can generally be difficult to solve. Generally we only allow known config options and fail startup.
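
Added example, not part of the issue thread or of Authelia's code: a minimal first-match rule evaluator run over the three tests above, assuming the misspelled key `ressources` is silently ignored rather than rejected at startup, which leaves the first rule matching every path on the domain. `KNOWN_KEYS`, `unknown_keys`, `decide` and `rules_for` are hypothetical names, and the matching is simplified (exact domain, regex on the path only).

```python
import re

# Subset of rule keys accepted by this sketch (assumption: enough for the page's rules).
KNOWN_KEYS = {"domain", "resources", "policy"}


def unknown_keys(rules):
    """Strict check: return (rule index, key) for every key outside KNOWN_KEYS."""
    return [(i, k) for i, rule in enumerate(rules) for k in rule if k not in KNOWN_KEYS]


def decide(rules, domain, path, default="deny"):
    """First-match evaluation: the first rule whose criteria all match wins."""
    for rule in rules:
        if rule["domain"] != domain:
            continue
        patterns = rule.get("resources")  # a misspelled key is never read here
        if patterns and not any(re.search(p, path) for p in patterns):
            continue
        return rule["policy"]  # no resources criterion means every path matches
    return default


def rules_for(first, second, key="ressources"):
    """Build the two rules from the report; `key` is the spelling used in rule 1."""
    return [
        {"domain": "wiki.domain.tld", key: ["^/xxx"], "policy": first},
        {"domain": "wiki.domain.tld", "policy": second},
    ]


# The three policy combinations from Test 1, Test 2 and Test 3.
TESTS = [("one_factor", "bypass"), ("bypass", "bypass"), ("bypass", "one_factor")]

if __name__ == "__main__":
    for n, (first, second) in enumerate(TESTS, 1):
        typo = rules_for(first, second)
        fixed = rules_for(first, second, key="resources")
        print(f"Test {n}: unknown keys {unknown_keys(typo)}; "
              f"/ as written -> {decide(typo, 'wiki.domain.tld', '/')}, "
              f"/ with 'resources' -> {decide(fixed, 'wiki.domain.tld', '/')}")
```

Under that assumption the evaluator reproduces all three reported outcomes for the home page, and the strict key check flags rule 0 before any request is evaluated.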