htpasswd protection prompts for index.php download

Jim Ohlstein nginx-forum at nginx.us
Thu Mar 18 03:22:49 MSK 2010


This is the expected behavior. I would guess that your configuration file contains a different location block for handling files with a ".php" extension. In this case nginx will only match one location. See http://wiki.nginx.org/NginxHttpCoreModule#location.

To avoid serving the index.php file as a text file you can try using nested location blocks. This is an undocumented feature and can have unpredictable results, but in this case I guess it will work OK.

Try something like:


location ~ /srv/www/users/me/(folder1|folder2)/.* {
auth_basic "Restricted";
auth_basic_user_file /srv/www/users/me/folder1/.htpasswd;
location ~\.php {
fastcgi_pass 127.0.0.1:9000;  # substitute here with appropriate PHP backend address or proxy_pass statement and parameters.
...
}
}


Posted at Nginx Forum: http://forum.nginx.org/read.php?2,65055,65059#msg-65059




More information about the nginx mailing list