Basic HTTP Authentication & PHP-FastCGI
igor at pokelondon.com
Wed Jul 23 13:46:37 MSD 2008
On 23 Jul 2008, at 10:27, Phillip B Oldham wrote:
> mike wrote:
>> like PHP_AUTH_USER that Apache gives you and stuff?
> Yep, just like that.
I could be wrong but I think that this only happens once Apache has
already done the authorisation and granted access to the resource.
>> you can do it purely in PHP:
> I thought nginx would have to pass the user/pass through to PHP via
> the fastcgi params?
As I understand it, if PHP sends HTTP/1.1 401 Unauthorized then the
browser should ask the user for credentials, and then send them back
through the Authorization header. If this is in a location block
without auth_basic, then nginx will pass this header through to PHP,
and PHP can base64-decode the credentials, do what it needs to do in
order to work out whether they're good credentials, and then return a
200 or another 401 appropriately. You may need to set
fastcgi_pass_header Authorization, I'm not sure - I've seen this
referred to in various nginx configs on the web but the version of
nginx I have on hand to test (0.5.35) seems to pass the
HTTP_AUTHORIZATION header through with or without this setting.
Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx