Am I going crazy? Mixing auth and PHP...

Denis S. Filimonov den.lists at gmail.com
Tue Jun 3 12:45:33 MSD 2008


I didn't try it but I guess something like the following should work:

location /reports {
    auth_basic "Reports";
    auth_basic_user_file /home/foo/web/foo.com/.htpasswd;
    rewrite (.*)\.php$ /php/$1.php last;
}

location ~ /php/.*\.php {
	internal;
        fastcgi_pass 127.0.0.1:11019;
        fastcgi_index index.php;
# you'll need to strip the added prefix is you set any fastcgi_param
}


On Tuesday 03 June 2008 03:37:05 mike wrote:
> ack this is going to be tricky
>
> i could secure /admin/ but if someone hit a script /admin/foo.php they
> could directly without credentials...
>
> On 6/3/08, Jean-Philippe <skateinmars at skateinmars.net> wrote:
> > Hi,
> >
> > This behavior is explained in
> > http://wiki.codemongers.com/NginxHttpCoreModule#location
> >
> > Only the PHP location is matched by /reports/report.php
> >
> > the solution may be to use nested locations (but this is an unstable
> > feature), or adding a specific location that matches something like
> > ^/reports.*\.php$
> >
> > mike a écrit :
> > > http://foo.com/reports/ - prompts for auth like it should
> > > http://foo.com/reports/report.php - bypasses http auth
> > >
> > > the .php is being matched and the other location is ignored completely?
> > >
> > >        server {
> > >                listen 80;
> > >                server_name foo.com;
> > >                index index.php index.html;
> > >                root /home/foo/web/foo.com/;
> > >                location /reports {
> > >                    auth_basic "Reports";
> > >                    auth_basic_user_file
> > > /home/foo/web/foo.com/.htpasswd; }
> > >                location ~ \.php {
> > >                        fastcgi_pass 127.0.0.1:11019;
> > >                        fastcgi_index index.php;
> > >                }
> > >        }
> > >
> > > Anything wrong here?
> > >
> > > How can I get auth working for the whole /reports dir? I tried even
> > > putting in the exact /reports/report.php URL in a location block, a
> > > regexp ^/reports etc...



-- 
Denis.





More information about the nginx mailing list