HT Auth Problem
matt91
nginx-forum at nginx.us
Sat Jun 6 17:09:47 MSD 2009
I am having a problem with HT Auth where it will protect the directory and all files in it except the php files, I think this is a problem with nginx passing all php files for processing by fcgi before the authentication. For example mysite.com/imnottelling/ and mysite.com/imnottelling/hello.html is protected however mysite.com/imnottelling/anything.php is not. Here is my virtual host config file for the domain:
server {
listen 81;
server_name tributes-direct.co.uk www.tributes-direct.co.uk *.tributes-direct.co.uk;
access_log /var/log/nginx/localhost.access.log;
rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
rewrite ^/bg_sound_([^_]*)\.xspf$ /includes/bg_audio_player/bg_sound.php?tributeid=$1 break;
rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
rewrite ^/elvis$ /tributeindex.php?artiste=elvis break;
rewrite ^/_([^/]*)$ /tributedetails.php?name=$1 break;
rewrite ^/_(.*)/page/(.*)$ /tributedetails.php?name=$1&page=$2 break;
rewrite ^/_(.*)/art/(.*)$ /tributedetails.php?name=$1&artisteid=$2 break;
rewrite ^/_(.*)/cat/(.*)$ /tributedetails.php?name=$1&cat=$2 break;
location / {
root /var/www/tributes-direct.co.uk;
index index.php index.html index.htm;
}
location /imnottelling/* {
root /var/www/tributes-direct.co.uk;
index index.php index.html index.htm;
auth_basic "Restricted";
auth_basic_user_file /var/www/tributes-direct.co.uk/imnottelling/.htpasswd;
}
#error_page 404 /var/www/err/404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /var/www/err;
#}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/tributes-direct.co.uk/$fastcgi_script_name;
include fastcgi_params;
}
serve static files directly
location ~ .(jpg|jpeg|gif|css|png|js|ico)$ {
access_log off;
expires 30d;
}
# protect htaccess
location ~ /\. {
deny all;
}
}
And yep, I know the .htpasswd is in an accessible location ;-)
Thank you for your help.
Matt
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2667,2667#msg-2667
More information about the nginx
mailing list