diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 255866e2ed1c6..f841a8ddfba58 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -240,6 +240,9 @@ func NewFuncMap() []template.FuncMap {
 "DisableImportLocal": func() bool {
 return !setting.ImportLocalPaths
 },
+ "DisableReverseProxyAuth": func() bool {
+ return !setting.Service.EnableReverseProxyAuth
+ },
 "Dict": func(values ...interface{}) (map[string]interface{}, error) {
 if len(values)%2 != 0 {
 return nil, errors.New("invalid dict call")
diff --git a/routers/web/web.go b/routers/web/web.go
index 545194aabd3ed..2291b10c45160 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -225,6 +225,14 @@ func RegisterRoutes(m *web.Route) { } } + // reverseProxyAuthDisabled requires reverse proxy authentication to be disabled by admin. + reverseProxyAuthDisabled := func(ctx *context.Context) { + if setting.Service.EnableReverseProxyAuth { + ctx.Error(http.StatusForbidden) + return + } + } + // FIXME: not all routes need go through same middleware. // Especially some AJAX requests, we can reduce middleware number to improve performance. // Routers.
@@ -255,8 +263,8 @@ func RegisterRoutes(m *web.Route) {
 // ***** START: User *****
 m.Group("/user", func() {
- m.Get("/login", auth.SignIn)
- m.Post("/login", bindIgnErr(forms.SignInForm{}), auth.SignInPost)
+ m.Get("/login", reverseProxyAuthDisabled, auth.SignIn)
+ m.Post("/login", reverseProxyAuthDisabled, bindIgnErr(forms.SignInForm{}), auth.SignInPost)
 m.Group("", func() {
 m.Combo("/login/openid").
 Get(auth.SignInOpenID).
diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl
index 5ce1d0b888148..36d0171ee2873 100644
--- a/templates/base/head_navbar.tmpl
+++ b/templates/base/head_navbar.tmpl
@@ -183,7 +183,7 @@ - {{else}} + {{else if DisableReverseProxyAuth}} {{.i18n.Tr "help"}}
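Review bot: `reverseProxyAuthDisabled` in the `-225,6 +225,14` hunk keys off `setting.Service.EnableReverseProxyAuth` alone, so switching the proxy feature on turns the password sign-in page into a bare 403 for every request, including ones that arrive without a proxy-authenticated user. If local accounts (an admin fallback, say) are still meant to work alongside the proxy, this needs its own setting rather than reuse of the enable flag. If they are not, the comment should state the consequence, for example `// With reverse proxy auth enabled the proxy header is the only web sign-in path; the backend must be reachable only through the proxy.` RegisterRoutes starts and ends outside the hunk, so how the rest of the chain reacts to the early `ctx.Error` is not visible here.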
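Review bot: Only `GET` and `POST /user/login` receive `reverseProxyAuthDisabled` in the `-255,8 +263,8` hunk, while the `m.Combo("/login/openid")` route directly below in the same group is left ungated. Other sign-in, sign-up or password-reset routes further down are outside the hunk and presumably ungated as well. If the intent is that the proxy is the sole authenticator, the guard belongs on the enclosing group or on every credential-accepting route, otherwise the policy is enforced on one form only. It is also worth confirming that code which redirects signed-out users to `/user/login` does not now leave them on a 403 page.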
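Review bot: With `{{else if DisableReverseProxyAuth}}` the entire signed-out branch of the navbar is skipped when proxy auth is enabled, and the `{{.i18n.Tr "help"}}` entry that follows appears to sit inside that branch. The surrounding markup is not visible in this hunk, so please confirm, but if so anonymous visitors lose the Help link along with the sign-in entry. In that case keep the plain `{{else}}` and wrap only the sign-in/register items in `{{if DisableReverseProxyAuth}}…{{end}}`. Hiding the link is cosmetic either way, so enforcement still rests on the router guard in routers/web/web.go.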