HT Auth Problem

Rob Schultz rschultz7 at gmail.com
Sat Jun 6 19:50:08 MSD 2009


You have to use a nested location like
location /imnottelling {
           auth_basic "Restricted";
           auth_basic_user_file /var/www/tributes-direct.co.uk/ 
imnottelling/.htpasswd;
           location ~ .*\.php$ {
                    fastcgi_pass   127.0.0.1:9000;
                    fastcgi_index   index.php;
		   fastcgi_param  SCRIPT_FILENAME  /var/www/tributes-direct.co.uk/ 
imnottelling/$fastcgi_script_name;
                    include fastcgi_params;
            }
}

Igor has warned that nested locations has bugs in inheritance but that  
this one will work correctly. http://marc.info/?l=nginx&m=124301482813284&w=2

Also a note its easier if you use
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
in your fastcgi_params. Then if you have your root's set right and  
redefined it will properly fill the correct SCRIPT_FILENAME without  
you having to do it in each of your php blocks if you have multiple of  
them. Just 1 less thing that is needed to be redefined.

Rob
On Jun 6, 2009, at 8:09 AM, matt91 wrote:

> I am having a problem with HT Auth where it will protect the  
> directory and all files in it except the php files, I think this is  
> a problem with nginx passing all php files for processing by fcgi  
> before the authentication. For example mysite.com/imnottelling/ and  
> mysite.com/imnottelling/hello.html is protected however mysite.com/ 
> imnottelling/anything.php is not. Here is my virtual host config  
> file for the domain:
>
> server {
> 	listen   81;
> 	
> 	server_name tributes-direct.co.uk www.tributes-direct.co.uk  
> *.tributes-direct.co.uk;
>
> 	access_log  /var/log/nginx/localhost.access.log;
> 	
> 	rewrite ^/adamcarter$ /tributedetails.php? 
> name=elvis_adam_carter&page=1 break;
> 	rewrite ^/bg_sound_([^_]*)\.xspf$ /includes/bg_audio_player/ 
> bg_sound.php?tributeid=$1 break;
> 	rewrite ^/adamcarter$ /tributedetails.php? 
> name=elvis_adam_carter&page=1 break;
> 	rewrite ^/elvis$ /tributeindex.php?artiste=elvis break;
> 	rewrite ^/_([^/]*)$ /tributedetails.php?name=$1 break;
> 	rewrite ^/_(.*)/page/(.*)$ /tributedetails.php?name=$1&page=$2 break;
> 	rewrite ^/_(.*)/art/(.*)$ /tributedetails.php?name=$1&artisteid=$2  
> break;
> 	rewrite ^/_(.*)/cat/(.*)$ /tributedetails.php?name=$1&cat=$2 break;
>
> 	location / {
> 		root   /var/www/tributes-direct.co.uk;
> 		index  index.php index.html index.htm;
> 	}
> 	location  /imnottelling/*  {
> 		root   /var/www/tributes-direct.co.uk;
> 		index  index.php index.html index.htm;
> 		auth_basic            "Restricted";
> 		auth_basic_user_file  /var/www/tributes-direct.co.uk/ 
> imnottelling/.htpasswd;
> 	}
>
> 	#error_page  404  /var/www/err/404.html;
>
> 	# redirect server error pages to the static page /50x.html
> 	#
> 	#error_page   500 502 503 504  /50x.html;
> 	#location = /50x.html {
> 	#	root   /var/www/err;
> 	#}
>
> 	location ~ \.php$ {
> 		fastcgi_pass   127.0.0.1:9000;
> 		fastcgi_index  index.php;
> 		fastcgi_param  SCRIPT_FILENAME  /var/www/tributes-direct.co.uk/ 
> $fastcgi_script_name;
> 		include fastcgi_params;
> 	}
>
> 	serve static files directly
> 	location ~ .(jpg|jpeg|gif|css|png|js|ico)$ {
> 		access_log        off;
> 		expires           30d;
> 	}
>
> 	# protect htaccess
> 	location ~ /\. {
>    		deny  all;
> 	}
> }
>
>
>
> And yep, I know the .htpasswd is in an accessible location ;-)
>
> Thank you for your help.
>
> Matt
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2667,2667#msg-2667
>
>






More information about the nginx mailing list