HT Auth Problem
merlin corey
merlincorey at dc949.org
Mon Jun 8 14:16:54 MSD 2009
The problem is clear and you have no need of nested locations (though
that is one possible solution and hints at the issue). Observe:
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/var/www/tributes-direct.co.uk/$fastcgi_script_name;
include fastcgi_params;
}
This regular expression indeed covers all PHP files. There is no auth
here, so it does not ask for auth, only for the resources that ARE
under a location with auth. You can try a nested location, or you can
add a second more specific php handling location block that also has
auth in it, or you can make an internal location for PHP and pass back
to it for the regular expressions. The middle method is most
straightforward (and not demonstrated yet) and might be implemented
like so:
location ~ ^/protectedstuff/.*\.php$ {
auth_basic "Enter Credentials";
auth_basic_user_file /path/to/auth;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/var/www/tributes-direct.co.uk/$fastcgi_script_name;
include fastcgi_params;
}
On Sat, Jun 6, 2009 at 6:09 AM, matt91<nginx-forum at nginx.us> wrote:
> I am having a problem with HT Auth where it will protect the directory and all files in it except the php files, I think this is a problem with nginx passing all php files for processing by fcgi before the authentication. For example mysite.com/imnottelling/ and mysite.com/imnottelling/hello.html is protected however mysite.com/imnottelling/anything.php is not. Here is my virtual host config file for the domain:
>
> server {
> listen 81;
>
> server_name tributes-direct.co.uk www.tributes-direct.co.uk *.tributes-direct.co.uk;
>
> access_log /var/log/nginx/localhost.access.log;
>
> rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
> rewrite ^/bg_sound_([^_]*)\.xspf$ /includes/bg_audio_player/bg_sound.php?tributeid=$1 break;
> rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
> rewrite ^/elvis$ /tributeindex.php?artiste=elvis break;
> rewrite ^/_([^/]*)$ /tributedetails.php?name=$1 break;
> rewrite ^/_(.*)/page/(.*)$ /tributedetails.php?name=$1&page=$2 break;
> rewrite ^/_(.*)/art/(.*)$ /tributedetails.php?name=$1&artisteid=$2 break;
> rewrite ^/_(.*)/cat/(.*)$ /tributedetails.php?name=$1&cat=$2 break;
>
> location / {
> root /var/www/tributes-direct.co.uk;
> index index.php index.html index.htm;
> }
> location /imnottelling/* {
> root /var/www/tributes-direct.co.uk;
> index index.php index.html index.htm;
> auth_basic "Restricted";
> auth_basic_user_file /var/www/tributes-direct.co.uk/imnottelling/.htpasswd;
> }
>
> #error_page 404 /var/www/err/404.html;
>
> # redirect server error pages to the static page /50x.html
> #
> #error_page 500 502 503 504 /50x.html;
> #location = /50x.html {
> # root /var/www/err;
> #}
>
> location ~ \.php$ {
> fastcgi_pass 127.0.0.1:9000;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME /var/www/tributes-direct.co.uk/$fastcgi_script_name;
> include fastcgi_params;
> }
>
> serve static files directly
> location ~ .(jpg|jpeg|gif|css|png|js|ico)$ {
> access_log off;
> expires 30d;
> }
>
> # protect htaccess
> location ~ /\. {
> deny all;
> }
> }
>
>
>
> And yep, I know the .htpasswd is in an accessible location ;-)
>
> Thank you for your help.
>
> Matt
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2667,2667#msg-2667
>
>
>
More information about the nginx
mailing list