no basic auth from outside network

rattus nginx-forum at nginx.us
Sun May 20 22:58:53 UTC 2012


After further testing, it's not the basic auth that's causing the
problem... it's simply trying to access subdirectories from outside.
Makes me thing I've messed something up in my nginx.conf:


worker_processes  1;
events {
    worker_connections  64;
}
http {
  ssl_ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-SHA;
  ssl_prefer_server_ciphers on;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_session_timeout 5m;

 ## Timeouts 
  keepalive_timeout       300 300;

 ## General Options
  charset                 utf-8;
  default_type            application/octet-stream;
  ignore_invalid_headers  on;
  types {
    text/html	html;
    image/gif	gif;
    image/jpeg	jpg;
  }
  keepalive_requests      20;
  max_ranges              0;
  recursive_error_pages   on;
  sendfile                on;
  server_tokens           off;
  source_charset          utf-8;

 ## Request limits
  limit_req_zone  $binary_remote_addr  zone=fred:1m   rate=60r/m;

 ## Compression
  gzip                 on;
  gzip_static          on;
  gzip_vary            on;

 ## Log Format
  log_format  main  '$remote_addr $host $remote_user [$time_local]
"$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
$ssl_cipher $request_time';

 ## http .:. redirect to https
  server {
      access_log  /var/log/nginx/access.log main buffer=32k;
      error_log   /var/log/nginx/error.log error;
      expires     0;
      limit_req   zone=fred burst=200 nodelay;
      listen      80;
      root        /var/empty;
      rewrite ^ https://192.168.1.100$request_uri permanent;
  }

 ## https .:. (www.)example.com
  server {
      add_header Cache-Control "public";
      add_header Strict-Transport-Security "max-age=315360000;
includeSubdomains";
      access_log  /var/log/nginx/access.log main buffer=32k;
      error_log   /var/log/nginx/error.log error;
      expires     max;
      index       index.html;
      limit_req   zone=fred burst=200 nodelay;
      listen      443;
      root        /var/www/htdocs;
      server_name 192.168.1.100;

     ## Basic auth on test
      location / { 
      }

      location ^~ /test/ {
        index	index.html;
        auth_basic "Admin Login";
        auth_basic_user_file .htpasswd;
      }
                                    
      #!!! IMPORTANT !!! We need to hide the password file from prying
eyes
      # This will deny access to any hidden file (beginning with a
.period)
      location ~ /\. { deny  all; }

     ## SSL Certs
      ssl on;
      ssl_session_cache shared:SSL:10m;
      ssl_certificate /home/root/ssl/test.crt;
      ssl_certificate_key /home/root/ssl/test.key;
      ssl_ecdh_curve secp521r1;

     ## Stop Image and Document Hijacking
      location ~* (\.jpg|\.gif|\.png|example\.css)$ {
        if ($http_referer !~ ^(https://192.168.1.100) ) {
          return 404;
        }
      }

     ## All other errors get the generic error page
      error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413
414 415 416 417 495 496 497 500 501 502 503 504 505 506 507
/error_page.html;
      location  /example_error_page.html {
          internal;
      }
  }
}

...again, it just hangs accessing subdirectories like "test", while
everything works well from within the local network. The www root
directory index.html serves up fine, even redirected to 443.

TIA, 

Mike

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,226665,226666#msg-226666



More information about the nginx mailing list