From c1c568e94dd4691ad3ddf2ace4569daa89d09020 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 25 Feb 2026 17:58:35 -0500
Subject: [PATCH] do not allow auth redirection to login page or home page;
 that serves no purpose

---
 salt/nginx/etc/nginx.conf | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf
index caa05bbff..7ebc23192 100644
--- a/salt/nginx/etc/nginx.conf
+++ b/salt/nginx/etc/nginx.conf
@@ -383,12 +383,16 @@ http {
 
 		location @error401 {
 			if ($request_uri ~* (^/connect/.*|^/oauth2/.*)) {
-				return	  401;
+				return    401;
 			}
+
 			if ($request_uri ~* ^/(?!(^/api/.*))) {
-				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
 				add_header    Strict-Transport-Security   "max-age=31536000; includeSubDomains";
 			}
+
+			if ($request_uri ~* ^/(?!(api/|login|auth|oauth2|$))) {
+				add_header    Set-Cookie "AUTH_REDIRECT=$request_uri;Path=/;Max-Age=14400";
+			}
 			return        302 /auth/self-service/login/browser;
 		}