NGINX satisfy any allows all connections

I've got a pretty barebones setup file server on NGINX. Like many, I want to access it from home IP without login, but still be able to login remotely.

From what I read online,

                satisfy any;

                allow MY.IP.ADDRESS.HERE;
                deny all;

                auth_basic "Hello";
                auth_basic_user_file auth.conf;

beneath a location block should allow access if the IP address matches, else use HTTP auth. HTTP auth works as expected if used by itself. Location is a simple (globally) autoindex'd directory, with no other config under it.

I don't have any other authentication related settings set globally under the server block. Regardless of that, the satisfy any portion always 'evaluates' to true, regardless of IP.

If I change it to satisfy all, it works as expected requiring both the IP match and HTTP auth.

I have a feeling there's an obscure setting somewhere messing with things. Any help appreciated, Thanks!