auth_basic and file uploads.

Maxim Dounin mdounin at
Thu Apr 11 11:00:27 UTC 2013


On Thu, Apr 11, 2013 at 06:18:19PM +1200, Steve Holdoway wrote:

> Hi Folks,
> I've got a magento site under development, and just want it to be
> password protected until it goes live. No problem I thought...
> add in the auth_basic/auth_basic_user_file entries to the location /
> block.
> However, when I do that, I get a password request for the upload...
> 2013/04/11 05:12:40 [error] 9866#0: *31 no user/password was provided
> for basic authentication, client: Mmy IP>, server:, request:
> "POST /index.php/admin/catalog_product_gallery/upload/key/<very long
> key> HTTP/1.1", host: ""
> If I enclose the auth_basic/auth_basic_user_file entries in a
> limit_except POST block, then I can't log in, wcwn though it them works
> perfectly if I'm already logged in!
> Any pointers??

If your browser sees password request only on file uploads, it may 
not be able to get 401 (Unauthorized) response correctly and retry 
the request with authentication.  I would expect this to be very 
similar to 413 (Request Entity Too Large) handling by browsers, as 
explicitly mentioned here in docs:

Obvious solution is to require authentication before the upload.

Maxim Dounin

More information about the nginx mailing list