Basic authentication

Jim Ohlstein jim at ohlste.in
Fri Jan 13 22:05:43 UTC 2017


Hello,

On 01/13/2017 04:42 PM, lacibaci wrote:
> I have a location that I would like to protect:
>
> location /private {
>     satisfy any;
>
>     allow 192.168.1.0/24;
>     deny  all;
>
>     auth_basic           "Protected";
>     auth_basic_user_file conf/htpasswd;
> }
>
> This works for /private /private/ and /private/somefile.html
>
> However, when I request (GET or POST) /private/foo.php it will execute
> without auth.
>
> How can I set it up so everything under /private is protected?
>

The request is probably being handled by a different location (ie the 
one that handles PHP requests).

See http://nginx.org/en/docs/http/ngx_http_core_module.html#location for 
the order in which location is determined.

-- 
Jim Ohlstein


More information about the nginx mailing list