authelia: Unable to bypass on certain resources for domain

With the following config I’m still presented with an login window? I was under the presumption that if I was trying to access for instance https://sub.domain.tld/path1/api/... I would not need to authenticate? 😄

Small config snippet

access_control:
  default_policy: deny
  rules:
    - domain: 'sub.domain.tld'
      resources:
        - '^/path1/rpc.*$'
        - '^/path2/api.*$'
        - '^/path3/api.*$'
      policy: bypass

    - domain: '*.domain.tld'
      subject: 'group:admins'
      policy: two_factor

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 22 (14 by maintainers)

Most upvoted comments

Hello @jkaberg ,

access_control:
  default_policy: deny
  rules:
  - domain: 'sub.domain.tld'
    policy: bypass

should be enough for any resource from sub.domain.tld to be allowed to everyone.

In your first example you provided /path1/api/... which either matches your second rule if you’re an admin or the default policy if you’re not.

For the latest example you require, the following should be ok

access_control:
  default_policy: deny
  rules:
  - domain: 'sub.domain.tld'
    resources:
    - "^/path1/.*$"
    policy: bypass
+1
clems4ever on Mar 18, 2019
Read more comments on GitHub
← authelia: U2F is not working under Firefox 62
zerocode: [KAFKA]Cannot inject ZeroCode variables into Validators →