I need a little help with Authelia: how to use 2FA only for connections arriving from the internet, and to bypass authentication when connecting from the internal network.
I am using official container image authelia/authelia and letsencrypt/nginx from LSIO.
If I understood correctly here https://github.com/authelia/authelia/blob/master/config.template.yml, this setting, under access_control, should use one_factor auth for network 192.168.1.0/24:

    - domain: secure.example.com
      policy: one_factor
      # Network based rule, if not provided any network matches.
      networks:
        - 192.168.1.0/24

What I want to do is the opposite: allow access to the web site without authentication, going directly to the web site when accessing it from the internal network, and use 2FA when accessing the same web site from the internet.
For now, the configuration I have is working from the internal network as well as from the internet, authenticating all web sites using 2FA without any problem. I just want to bypass 2FA from the internal network. This is what I tried, but it’s not working:

    access_control:
      default_policy: deny
      rules:
        - domain: "*.example.com"
          policy: two_factor
          networks:
            - 0.0.0.0/5
            - 126.96.36.199/7
            - 188.8.131.52/8
            - 184.108.40.206/6
            - 220.127.116.11/4
            - 18.104.22.168/3
            - 22.214.171.124/2
            - 126.96.36.199/3
            - 188.8.131.52/5
            - 184.108.40.206/6
            - 220.127.116.11/12
            - 18.104.22.168/11
            - 22.214.171.124/10
            - 126.96.36.199/9
            - 188.8.131.52/8
            - 184.108.40.206/7
            - 220.127.116.11/4
            - 192.0.0.0/9
            - 18.104.22.168/11
            - 22.214.171.124/13
            - 126.96.36.199/16
            - 188.8.131.52/15
            - 184.108.40.206/14
            - 220.127.116.11/12
            - 18.104.22.168/10
            - 22.214.171.124/8
            - 126.96.36.199/7
            - 188.8.131.52/6
            - 184.108.40.206/5
            - 220.127.116.11/4

I just get authenticated from the internal network and from the internet, as if the setting is not there.
And yes, I did restart Authelia container.
If someone already tried something or has some idea…
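
An added example, not part of the original post and not Authelia's code: a simplified Python model of first-match access_control evaluation, comparing a single two_factor rule restricted to external ranges with an ordered bypass-then-two_factor rule set. It assumes the list in the post was meant to cover everything outside 192.168.1.0/24; the function names and sample client addresses are constructed for illustration.

```python
import ipaddress

INTERNAL = "192.168.1.0/24"  # internal network named in the post

def domain_matches(pattern, domain):
    # "*.example.com" matches any subdomain; anything else is an exact match.
    if pattern.startswith("*."):
        return domain.endswith(pattern[1:])
    return pattern == domain

def policy_for(config, domain, client_ip):
    """Return the policy of the first rule matching both domain and client IP."""
    ip = ipaddress.ip_address(client_ip)
    for rule in config["rules"]:
        if not domain_matches(rule["domain"], domain):
            continue
        nets = rule.get("networks")  # no networks key: any address matches
        if nets is None or any(ip in ipaddress.ip_network(n) for n in nets):
            return rule["policy"]
    return config["default_policy"]  # nothing matched

def complement(cidr):
    """IPv4 networks covering everything except cidr, computed instead of hand-typed."""
    everything = ipaddress.ip_network("0.0.0.0/0")
    rest = everything.address_exclude(ipaddress.ip_network(cidr))
    return [str(n) for n in sorted(rest)]

# Assumed shape of the attempt: one two_factor rule limited to external ranges.
EXTERNAL_ONLY = {
    "default_policy": "deny",
    "rules": [
        {"domain": "*.example.com", "policy": "two_factor",
         "networks": complement(INTERNAL)},
    ],
}

# Ordered alternative: bypass for the LAN first, two_factor for everyone else.
BYPASS_FIRST = {
    "default_policy": "deny",
    "rules": [
        {"domain": "*.example.com", "policy": "bypass", "networks": [INTERNAL]},
        {"domain": "*.example.com", "policy": "two_factor"},
    ],
}

if __name__ == "__main__":
    for name, cfg in (("external-only", EXTERNAL_ONLY), ("bypass-first", BYPASS_FIRST)):
        for ip in ("192.168.1.50", "203.0.113.7"):  # constructed sample clients
            print(name, ip, policy_for(cfg, "app.example.com", ip))
```

In Authelia's YAML the second rule set is a `policy: bypass` rule with `networks: [192.168.1.0/24]` placed before the `two_factor` rule. The match is made on the client address Authelia receives from the proxy, so it depends on nginx passing the real address through.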