Add drop_unauthorized parameter to proxy hosts

drop_unauthorized returns 444 when a client is not authorized as opposed to 403. It can be used with Client Certificate authorization.
2025-08-05 17:03:33 +00:00 · 2023-05-29 14:43:11 +10:00
parent f601105776
commit 6cf91a2e70
11 changed files with 85 additions and 4 deletions
--- a/backend/templates/_access.conf
+++ b/backend/templates/_access.conf
@@ -2,7 +2,7 @@
 {% if access_list.clientcas.size > 0 %}
    # TLS Client Certificate Authorization
    if ($ssl_client_verify != "SUCCESS") {
-        return 403;
+        return {% if drop_unauthorized == 1 %}444{% else %}403{% endif %};
    }
 {% endif %}
    {% if access_list.items.length > 0 %}