Am I going crazy? Mixing auth and PHP...
mike
mike503 at gmail.com
Tue Jun 3 11:37:05 MSD 2008
Ack, this is going to be tricky.
I could secure /admin/, but if someone hit a script /admin/foo.php they
could directly without credentials...
On 6/3/08, Jean-Philippe <skateinmars at skateinmars.net> wrote:
> Hi,
>
> This behavior is explained in
> http://wiki.codemongers.com/NginxHttpCoreModule#location
>
> Only the PHP location is matched by /reports/report.php
>
> the solution may be to use nested locations (but this is an unstable
> feature), or adding a specific location that matches something like
> ^/reports.*\.php$
>
> mike wrote:
>
> > http://foo.com/reports/ - prompts for auth like it should
> > http://foo.com/reports/report.php - bypasses http auth
> >
> > the .php is being matched and the other location is ignored completely?
> >
> > server {
> >     listen 80;
> >     server_name foo.com;
> >     index index.php index.html;
> >     root /home/foo/web/foo.com/;
> >     location /reports {
> >         auth_basic "Reports";
> >         auth_basic_user_file /home/foo/web/foo.com/.htpasswd;
> >     }
> >     location ~ \.php {
> >         fastcgi_pass 127.0.0.1:11019;
> >         fastcgi_index index.php;
> >     }
> > }
> >
> > Anything wrong here?
> >
> > How can I get auth working for the whole /reports dir? I tried even
> > putting in the exact /reports/report.php URL in a location block, a
> > regexp ^/reports etc...
> >
> >
>
>
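Added example, not part of the original thread: the quoted server block with the dedicated regex location suggested in the reply, so PHP under /reports is both authenticated and passed to FastCGI. It assumes the FastCGI parameters are set elsewhere, as in the original, and drops the trailing `$` from the suggested pattern (an adjustment made here) so the pattern covers every URI under /reports that the generic `\.php` block would otherwise take.

```nginx
server {
    listen 80;
    server_name foo.com;
    index index.php index.html;
    root /home/foo/web/foo.com/;

    # Non-PHP requests under /reports (directory index, static files).
    # A request is handled by exactly one location, so the auth set here
    # does not carry over to a request that a regex location ends up taking.
    location /reports {
        auth_basic "Reports";
        auth_basic_user_file /home/foo/web/foo.com/.htpasswd;
    }

    # PHP under /reports. Regex locations are tested in the order they
    # appear in the file and the first match wins, so this block must stay
    # above the generic \.php block. Auth is repeated because this location
    # alone handles the request.
    location ~ ^/reports.*\.php {
        auth_basic "Reports";
        auth_basic_user_file /home/foo/web/foo.com/.htpasswd;
        fastcgi_pass 127.0.0.1:11019;
        fastcgi_index index.php;
    }

    # All other PHP: unauthenticated, unchanged from the original config.
    location ~ \.php {
        fastcgi_pass 127.0.0.1:11019;
        fastcgi_index index.php;
    }
}
```

The same pairing is needed for any other protected prefix such as /admin/. The .htpasswd path from the post sits inside the document root; keeping it outside root prevents it from being served as a static file.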