Require a password for everything except one folder?

nrahl nginx-forum at
Thu Nov 6 22:35:09 UTC 2014

> You have denied access by ip address here, so 403 is the expected
> response, no?
> You may have more success if you can describe what response you
> expect,
> and provide a complete (small) server{} configuration that
> demonstrates
> the unwanted behaviour that you see.

The expected response is a password prompt on all locations, unless the IP
matches, in which case allow, or the path starts with /Public, in which case

Here's the whole config, it's not that long:

server {
   listen 443 ssl;

   root /path/to/www;
   index index.html index.php;

   error_log /var/log/nginx/debug.log debug;

   # Password Protect Everything
   satisfy any;
   allow; # Our IP
   deny all;
   auth_basic "Restricted";
   auth_basic_user_file /path/to/pw/file;

   ... ssl_certificate ...   
   error_page 404 /Errors/404.html;
   # If request is for the homepage, skip all rules and just serve it.
   location = / {
      try_files /cache/index.html @apache;

   location ~* ^/(blog|about)/(.*)\.(css|js|gif|jpe?g|png|pdf|htm?l)$ {
      rewrite ^/(blog|about)/(.*)\.(css|js|gif|jpe?g|png|pdf|htm?l)$
/wordpress/$2.$3 last;

   # Static CSS, JS and Image Files
   location ~* \.(css|js|gif|jpe?g|png|pdf|htm?l)$ {
      expires 168h;
      add_header Pragma public;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
      try_files $uri $uri/ =404;

   location ^~ /Public { # Disable access restriction on this location
      auth_basic off;
      try_files fake.html @apache;

   location / { # All other requests get proxy passed to apache.
      try_files fake.html @apache;

   # Proxy Pass
   location @apache {
      proxy_max_temp_file_size 0;
      proxy_buffering off;
      proxy_set_header X-Forwarded-Protocol $scheme;
      proxy_intercept_errors on;
      proxy_read_timeout 500;
      proxy_connect_timeout 500;
      proxy_set_header X-Real-IP  $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header Host $host;

Posted at Nginx Forum:,254625,254644#msg-254644

More information about the nginx mailing list