Can auth_basic restrict files in certain folder?

WisdomFusion nginx-forum at nginx.us
Mon Mar 29 11:08:31 MSD 2010


Rob Schultz Wrote:
-------------------------------------------------------
> Hi Gavin,
> 
> > I have some problem with my nginx
> > I just could not restrict files in certain
> floder, as follows, i put the settings to
> nginx.conf
> > 
> >    location ~ ^/restrict/
> >    {
> >      auth_basic             "STATISTIC";
> >      auth_basic_user_file  
> /usr/local/nginx/conf/pwfornginx
> >    }
> > 
> > 
> > the folder /restrict/ is restricted perfect,
> however, files in the folder can still be
> accessed,
> > /restrict/somefile.php
> > 
> > What's the matter? any ideas?
> 
> The problem is you somewhat have to rethink how
> NginX process the request. read here for more
> details
> http://nginx.org/en/docs/http/request_processing.h
> tml#simple_php_site_configuration but to sum it up
> you probably have a something like
> location ~ .*\.php${
> }
> in your config which actually handles the
> /restrict/somefile.php instead of 
> location ~ ^/restrict/ { } 
> there is two ways to remidy this. you can do
> something like
> 
> location ~ ^/restrict/.*\.php$ {
> #rest of auth config
> }
> 
> or you can do sub-locations *note* this is the
> only instance that i have read where it is safe to
> do nested locations. YMMV
> 
>    location ~ ^/restrict/
>    {
>      auth_basic             "STATISTIC";
>      auth_basic_user_file  
> /usr/local/nginx/conf/pwfornginx
>         location ~ .*\.php$ {
> 	  #include your php config for processing ie
> proxy_pass or fastcgi_pass
>         }
>    }
> 
> v/r,
> Rob
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx


Hi, Rob

Great thanks for your quick reply. I have tried your suggestion out, and add the following config:

    location ~ ^/restrict/
    {
      auth_basic             "STATISTIC";
      auth_basic_user_file   /usr/local/nginx/conf/pwfornginx
    }
    location ~ ^/restrict/.*\.php$
    {
      auth_basic             "STATISTIC";
      auth_basic_user_file   /usr/local/nginx/conf/pwfornginx
    }


However, it is still not working. No authorization is required when I try to get access to a certain page in the restricted folder.

V/R,

gavin

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,68890,68944#msg-68944




More information about the nginx mailing list