Am I going crazy? Mixing auth and PHP...

mike mike503 at gmail.com
Tue Jun 10 22:36:39 MSD 2008


I'm going to go ahead and repost this and ask Igor about it since he's back.

Igor - this is coming up now more often, I need a way to secure a full
path like /admin/ and still secure the php files underneath. Right now
if it matches the .php it forwards it on to fastcgi and skips the auth
step.

Is there a "smart" way to do this, or perhaps a quick patch? My only
option so far is to try to chain some rewrite rules so it passes auth
first then goes to the PHP stuff (like this pseudo code from Denis):

location /reports {
   auth_basic "Reports";
   auth_basic_user_file /home/foo/web/foo.com/.htpasswd;

   rewrite (.*)\.php$ /php/$1.php last;
}

location ~ /php/.*\.php {
   internal;
   fastcgi_pass 127.0.0.1:11019;
   fastcgi_index index.php;
}

Is there anything better right now? Any way to process both? (This
might require nested location blocks... I don't know)

Thanks a ton. This is one annoyance that's hitting me on a couple of
my nginx installs. Otherwise it's been the best webserver I've used!



On 6/2/08, mike <mike503 at gmail.com> wrote:
> http://foo.com/reports/ - prompts for auth like it should
> http://foo.com/reports/report.php - bypasses http auth
>
> the .php is being matched and the other location is ignored completely?
>
>        server {
>                listen 80;
>                server_name foo.com;
>                index index.php index.html;
>                root /home/foo/web/foo.com/;
>                location /reports {
>                    auth_basic "Reports";
>                    auth_basic_user_file /home/foo/web/foo.com/.htpasswd;
>                }
>                location ~ \.php {
>                        fastcgi_pass 127.0.0.1:11019;
>                        fastcgi_index index.php;
>                }
>        }
>
> Anything wrong here?
>
> How can I get auth working for the whole /reports dir? I tried even
> putting in the exact /reports/report.php URL in a location block, a
> regexp ^/reports etc...
>
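
Added example, not part of the original message or of any reply in the thread: one way to cover both cases, relying on nginx's documented location rules (a `^~` prefix location suppresses the server-level regex search, and a nested location inherits `auth_basic` from the block that encloses it). Host, paths and port are the ones from the message; the `= /.htpasswd` block is an extra step added here because the password file sits under `root`.

```nginx
server {
    listen 80;
    server_name foo.com;
    index index.php index.html;
    root /home/foo/web/foo.com/;

    # Weak form from the message (kept as a comment for comparison):
    # /reports/report.php is handled by the regex location, so the
    # auth_basic settings in "location /reports" never apply to it.
    #
    #   location /reports { auth_basic "Reports"; ... }
    #   location ~ \.php  { fastcgi_pass 127.0.0.1:11019; ... }

    # "^~" stops the search of server-level regex locations once this
    # prefix is the longest match, so nothing under /reports can be
    # picked up by the generic PHP location further down.
    location ^~ /reports {
        auth_basic "Reports";
        auth_basic_user_file /home/foo/web/foo.com/.htpasswd;

        # Nested location: inherits auth_basic from the enclosing block,
        # so PHP under /reports is authenticated before it reaches FastCGI.
        location ~ \.php {
            fastcgi_pass 127.0.0.1:11019;
            fastcgi_index index.php;
        }
    }

    # PHP outside /reports, same as in the message.
    # (fastcgi_param settings are assumed to come from the http level,
    # as they must in the original configuration.)
    location ~ \.php {
        fastcgi_pass 127.0.0.1:11019;
        fastcgi_index index.php;
    }

    # The password file lives inside the document root in this setup;
    # an exact-match location takes priority and refuses to serve it.
    location = /.htpasswd {
        deny all;
    }
}
```

After a reload, `curl -I http://foo.com/reports/report.php` sent without credentials should answer 401 instead of running the script.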




