{% if access_list_id > 0 %}
{% if access_list.clientcas.size > 0 %}
    # TLS Client Certificate Authorization
    if ($ssl_client_verify != "SUCCESS") {
        return {% if drop_unauthorized == 1 %}444{% else %}403{% endif %};
    }
{% endif %}
    {% if access_list.items.length > 0 %}
    # Authorization
    auth_basic            "Authorization required";
    auth_basic_user_file  /data/access/{{ access_list_id }};

    {% if access_list.pass_auth == 0 %}
    proxy_set_header Authorization "";
    {% endif %}

    {% endif %}

    # Access Rules: {{ access_list.clients | size }} total
    {% for client in access_list.clients %}
    {{client | nginxAccessRule}}
    {% endfor %}
    deny all;

    # Access checks must...
    {% if access_list.satisfy_any == 1 %}
    satisfy any;
    {% else %}
    satisfy all;
    {% endif %}
{% endif %}