Skip to main content Unauthenticated Paths Regex for Proxy Provider : r/Authentik
r/Authentik icon
Go to Authentik
•

Unauthenticated Paths Regex for Proxy Provider

Has anyone experience with unauthenticated paths in a Proxy Provider?
I'm trying do match an URI with a question mark, but it seems like there's a bug as mentioned in a github issue from 2023 https://github.com/goauthentik/authentik/issues/5504

What I want to add as unauthenticated path: app.mydomain.com/u3DGdc?dl=cpp
The regex which I tried were: 

^/.*\?dl=.*$
^/.*\\?dl=.*$

But it just doesn't work, any ideas on how to match this?

That feeling when you've completed all your tasks! It's exhilarating! Well, with monday.com’s work management platform, get more done in less time with no-code automations, real-time communication, and notifications! Smash that done button! Try now!
Sign Up
monday.com
Thumbnail image: That feeling when you've completed all your tasks! It's exhilarating! Well, with monday.com’s work management platform, get more done in less time with no-code automations, real-time communication, and notifications! Smash that done button! Try now!
Sort by:
Top (Default)
Open comment sort options
•

Update:

I set environment variable on the server container and saw that the question mark isn't even matched against the regex 

AUTHENTIK_LOG_LEVEL: trace

Authentik log: 

trace | event=nginx forwarded url logger=authentik.outpost.proxyv2.application name=Wastebin timestamp=2025-01-03T23:54:51+01:00 url=https://bin.mydomain.com/FWqR-b?dl=cpp 
trace | event=Matching URL against allow list logger=authentik.outpost.proxyv2.application match=false name=Wastebin regex=/*?dl=* timestamp=2025-01-03T23:54:51+01:00 url=/FWqR-b 
trace | event=Matching URL against allow list logger=authentik.outpost.proxyv2.application match=false name=Wastebin regex=^/.*([?])fmt=raw$ timestamp=2025-01-03T23:54:51+01:00 url=/FWqR-b 
trace | event=Matching URL against allow list logger=authentik.outpost.proxyv2.application match=false name=Wastebin regex=^/.*\..*$ timestamp=2025-01-03T23:54:51+01:00 url=/FWqR-b 
trace | event=Matching URL against allow list logger=authentik.outpost.proxyv2.application match=false name=Wastebin regex=^/burn/.*$ timestamp=2025-01-03T23:54:51+01:00 url=/FWqR-b 
trace | event=Matching URL against allow list logger=authentik.outpost.proxyv2.application match=false name=Wastebin regex=^/.*([/?].*)?.*=.*$ timestamp=2025-01-03T23:54:51+01:00 url=/FWqR-b 
trace | event=Matching URL against allow list logger=authentik.outpost.proxyv2.application match=false name=Wastebin regex=^/.*[\?]fmt=raw$ timestamp=2025-01-03T23:54:51+01:00 url=/FWqR-b 
INF | event=/outpost.goauthentik.io/auth/nginx host=bin.mydomain.com logger=authentik.outpost.proxyv2.application method=GET name=Wastebin remote=<serverip>:59052 runtime=0.754 scheme=http size=21 status=401 timestamp=2025-01-03T23:54:51+01:00 user_agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0

so basically all I have to match is "/FWqR-b" which is in the URL part, such regex looks like this: 

^/[\w-]{6,7}$
}