Protect a specific php file

voidandany nginx-forum at nginx.us
Fri Jan 13 11:13:28 UTC 2012


After some test I can give more detail.

In fact my app isn't directly in a subdirectory of my root, but in a
subdir of a subdir of the root.


root = /var/www/domain.fr;
myapp = /var/www/domain.fr/test/myapp


If I put it directly in a subdir of root it work


Here is my real conf :

server {
        listen       80;
        server_name  www.domain.fr;
        root         /var/www/domain.fr ;
        access_log      /var/log/nginx/access.log ;
        location / {
                deny all;
        }

        location /test/myapp {
                index  index.php;
                location ^~ /test/myapp/index.php {
                        auth_basic            "Section privee";
                        auth_basic_user_file 
$document_root/test/myapp/.htpasswd;
                        include         /etc/nginx/fastcgi_params;
                        fastcgi_param   SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
                        fastcgi_pass    127.0.0.1:9000;
                }

                location ~ \.php$ {
                        include         /etc/nginx/fastcgi_params;
                        fastcgi_param   SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
                        fastcgi_pass    127.0.0.1:9000;
                }
        }
}


With : http://www.domain.fr/test/myapp/index.php, password asked
With : http://www.domain.fr/test/myapp, no password asked, php file
downloaded

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,221094,221165#msg-221165



More information about the nginx mailing list