HT Auth Problem

matt91 nginx-forum at nginx.us
Sat Jun 6 17:09:47 MSD 2009


I am having a problem with HT Auth where it will protect the directory and all files in it except the php files. I think this is a problem with nginx passing all php files for processing by fcgi before the authentication. For example, mysite.com/imnottelling/ and mysite.com/imnottelling/hello.html are protected; however, mysite.com/imnottelling/anything.php is not. Here is my virtual host config file for the domain:

server {
	listen   81;
	
	server_name tributes-direct.co.uk www.tributes-direct.co.uk *.tributes-direct.co.uk;

	access_log  /var/log/nginx/localhost.access.log;
	
	rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
	rewrite ^/bg_sound_([^_]*)\.xspf$ /includes/bg_audio_player/bg_sound.php?tributeid=$1 break;
	rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
	rewrite ^/elvis$ /tributeindex.php?artiste=elvis break;
	rewrite ^/_([^/]*)$ /tributedetails.php?name=$1 break;
	rewrite ^/_(.*)/page/(.*)$ /tributedetails.php?name=$1&page=$2 break;
	rewrite ^/_(.*)/art/(.*)$ /tributedetails.php?name=$1&artisteid=$2 break;
	rewrite ^/_(.*)/cat/(.*)$ /tributedetails.php?name=$1&cat=$2 break;

	location / {
		root   /var/www/tributes-direct.co.uk;
		index  index.php index.html index.htm;
	}
	location  /imnottelling/*  {
		root   /var/www/tributes-direct.co.uk;
		index  index.php index.html index.htm;
		auth_basic            "Restricted";
		auth_basic_user_file  /var/www/tributes-direct.co.uk/imnottelling/.htpasswd;
	}

	#error_page  404  /var/www/err/404.html;

	# redirect server error pages to the static page /50x.html
	#
	#error_page   500 502 503 504  /50x.html;
	#location = /50x.html {
	#	root   /var/www/err;
	#}

	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  /var/www/tributes-direct.co.uk/$fastcgi_script_name;
		include fastcgi_params;
	}

	# serve static files directly
	location ~ \.(jpg|jpeg|gif|css|png|js|ico)$ {
		access_log        off;
		expires           30d;
	}

	# protect htaccess
	location ~ /\. {
		deny  all;
	}
}



And yep, I know the .htpasswd is in an accessible location ;-)

Thank you for your help.

 Matt

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2667,2667#msg-2667
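
How nginx picks a location for the requests described above, as an added example that is not part of the original post or the nginx project's own configuration: each request is handled in exactly one location, and a matching regex location such as `~ \.php$` is chosen over a plain prefix location, so `auth_basic` set only in the prefix block is never applied to `.php` URIs. The sketch reuses the post's paths and FastCGI address, and the `^~` prefix block with nested locations is one way (an assumption about the intended layout) to keep PHP under the same authentication.

```nginx
# Added example built from the config in the post; rewrite rules omitted.
server {
	listen       81;
	server_name  tributes-direct.co.uk www.tributes-direct.co.uk *.tributes-direct.co.uk;
	root         /var/www/tributes-direct.co.uk;
	index        index.php index.html index.htm;

	# Prefix locations are literal strings, so there is no trailing "*".
	# "^~" makes nginx skip the server-level regex locations whenever this
	# is the longest matching prefix, so /imnottelling/anything.php is
	# handled here and not by the unauthenticated "~ \.php$" block below.
	location ^~ /imnottelling/ {
		auth_basic            "Restricted";
		auth_basic_user_file  /var/www/tributes-direct.co.uk/imnottelling/.htpasswd;

		# The server-level dotfile rule is not consulted inside "^~",
		# so repeat it here to keep .htpasswd from being served.
		location ~ /\. {
			deny  all;
		}

		# Nested locations inherit auth_basic, so the request reaches
		# FastCGI only after the credentials have been checked.
		location ~ \.php$ {
			fastcgi_pass   127.0.0.1:9000;
			fastcgi_index  index.php;
			fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
			include        fastcgi_params;
		}
	}

	# Public PHP outside the protected tree.
	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		include        fastcgi_params;
	}

	# Dotfiles everywhere else.
	location ~ /\. {
		deny  all;
	}
}
```

After a reload, an unauthenticated request for /imnottelling/anything.php should come back as 401 instead of the script's output.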