Location directive disaster

Thomas Love tomlove at gmail.com
Thu May 26 03:15:34 MSD 2011


On 26 May 2011 00:57, phil1886 <nginx-forum at nginx.us> wrote:

> Hi everyone
>
>
Hi.


>                location /newwebsite/admin {
>                        index login.php;
>                        auth_basic              "Unauthorised use
> prohibited";
>                        auth_basic_user_file
> /home/username/www.website.com/.htpasswd;
>
>                }
>
> Of course I have the catch-all for all the php scripts:
>
>                location ~ \.php$ {
>                        include /etc/nginx/fastcgi_params;
>                        fastcgi_pass    127.0.0.1:9000;
>                        fastcgi_index   index.php;
>                        fastcgi_param   SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>                        fastcgi_param   PATH_INFO
> $fastcgi_script_name;
>                }
>
>
> When I visit http://domain.com/newsite/admin/admin.php I am straight in
> without http basic-auth. This is not so good..!!
>
>


You have to put a copy of the ~ \.php$ location block inside the protected
location block (nested), otherwise the php block takes precedence and the
location parser does not match anything else.

I had exactly the same problem: http://forum.nginx.org/read.php?2,189220

Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110526/542c8ee3/attachment.html>


More information about the nginx mailing list