[FEAT] Templated local network bypass for Authentik

[brianramseyau]

Is this a new feature request?

• I have searched the existing issues

Wanted change

Provide the ability for users to bypass Authentik authentication within theirlocal network, as a part of the proxy location configuration.

Reason for change

Doing a quick web search shows up a tonne of people who get frustrated and go to a/revert to a different service (like Authelia) as they cannot work out how to bypass the authentication inside their local network.

You cannot effectively do this in Authentik's configuration in the same way as you can in Authelia's policy.

Proposed code change

I've added this code block, above the auth_request section of authentik-location.conf and it works well. Perhaps it could be added commented out or wrapped in a conditional.

...
## Bypass Authentik for local networks
## Allow multiple rules blocks defined here to work in an "OR" fashion
satisfy any;
## Bypass auth_request for RFC1918 / local networks (see https://datatracker.ietf.org/doc/html/rfc1918)
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
...

[github-actions]

Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.

[brianramseyau]

I still feel this is valid and would help people out

[LinuxServer-CI]

This issue has been automatically marked as stale because it has not had recent activity. This might be due to missing feedback from OP. It will be closed if no further activity occurs. Thank you for your contributions.