Basic HTTP Authentication & PHP-FastCGI
Igor Clark
igor at pokelondon.com
Wed Jul 23 13:46:37 MSD 2008
Hi,
On 23 Jul 2008, at 10:27, Phillip B Oldham wrote:
> mike wrote:
>> like PHP_AUTH_USER that Apache gives you and stuff?
>>
> Yep, just like that.
I could be wrong but I think that this only happens once Apache has
already done the authorisation and granted access to the resource.
>> you can do it purely in PHP:
>> http://www.php.net/features.http-auth
> I thought nginx would have to pass the user/pass through to PHP via
> the fastcgi params?
As I understand it, if PHP sends HTTP/1.1 401 Unauthorized then the
browser should ask the user for credentials, and then send them back
through the Authorization header. If this is in a location block
without auth_basic, then nginx will pass this header through to PHP,
and PHP can base64-decode the credentials, do what it needs to do in
order to work out whether they're good credentials, and then return a
200 or another 401 appropriately. You may need to set
fastcgi_pass_header Authorization, I'm not sure - I've seen this
referred to in various nginx configs on the web but the version of
nginx I have on hand to test (0.5.35) seems to pass the
HTTP_AUTHORIZATION header through with or without this setting.
Cheers
i
--
Igor Clark • POKE • 10 Redchurch Street • E2 7DD • +44 (0)20 7749 5355
• www.pokelondon.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20080723/b60ad81b/attachment.html>
More information about the nginx
mailing list