restrict sub-directory access divert if not authenticated

jacograaff nginx-forum at
Mon Mar 16 23:59:12 UTC 2015

Hi thanks for that

your suggestion:
So you say that /shop/index.php doesn't land to /shop/ location? Then
ensure that you don't have location /shop/index.php , otherwise see
debug log

I do want access to /shop/ as well as /shop/index.php - but only to a select
ip-range or password

my directive works for /shop/

but if someone types in /shop/index.php they will see the index.php page
since the directive for php files overwrites the shop subfolder directive.

They see the php file but the html, js, css, img resources does not load
because those do still obey my "location /shop/" directive

I guess I have to either

1. declare as: "location /shop/ ~ \.php$"


2. inside the location "/shop/" directive have a clause to force php not to
obey the above "location ~ \.php$" directive

Posted at Nginx Forum:,257266,257293#msg-257293

More information about the nginx mailing list