HT Auth Problem

merlin corey merlincorey at dc949.org
Mon Jun 8 14:16:54 MSD 2009


The problem is clear and you have no need of nested locations (though
that is one possible solution and hints at the issue).  Observe:

       location ~ \.php$ {
               fastcgi_pass   127.0.0.1:9000;
               fastcgi_index  index.php;
               fastcgi_param  SCRIPT_FILENAME  /var/www/tributes-direct.co.uk/$fastcgi_script_name;
               include fastcgi_params;
       }

This regular expression indeed covers all PHP files.  There is no auth
here, so it does not ask for auth, only for the resources that ARE
under a location with auth.  You can try a nested location, or you can
add a second more specific php handling location block that also has
auth in it, or you can make an internal location for PHP and pass back
to it for the regular expressions.  The middle method is most
straightforward (and not demonstrated yet) and might be implemented
like so:

       location ~ ^/protectedstuff/.*\.php$ {
               auth_basic "Enter Credentials";
               auth_basic_user_file /path/to/auth;
               fastcgi_pass   127.0.0.1:9000;
               fastcgi_index  index.php;
               fastcgi_param  SCRIPT_FILENAME  /var/www/tributes-direct.co.uk/$fastcgi_script_name;
               include fastcgi_params;
       }




On Sat, Jun 6, 2009 at 6:09 AM, matt91<nginx-forum at nginx.us> wrote:
> I am having a problem with HT Auth where it will protect the directory and all files in it except the php files, I think this is a problem with nginx passing all php files for processing by fcgi before the authentication. For example mysite.com/imnottelling/ and mysite.com/imnottelling/hello.html is protected however mysite.com/imnottelling/anything.php is not. Here is my virtual host config file for the domain:
>
> server {
>        listen   81;
>
>        server_name tributes-direct.co.uk www.tributes-direct.co.uk *.tributes-direct.co.uk;
>
>        access_log  /var/log/nginx/localhost.access.log;
>
>        rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
>        rewrite ^/bg_sound_([^_]*)\.xspf$ /includes/bg_audio_player/bg_sound.php?tributeid=$1 break;
>        rewrite ^/adamcarter$ /tributedetails.php?name=elvis_adam_carter&page=1 break;
>        rewrite ^/elvis$ /tributeindex.php?artiste=elvis break;
>        rewrite ^/_([^/]*)$ /tributedetails.php?name=$1 break;
>        rewrite ^/_(.*)/page/(.*)$ /tributedetails.php?name=$1&page=$2 break;
>        rewrite ^/_(.*)/art/(.*)$ /tributedetails.php?name=$1&artisteid=$2 break;
>        rewrite ^/_(.*)/cat/(.*)$ /tributedetails.php?name=$1&cat=$2 break;
>
>        location / {
>                root   /var/www/tributes-direct.co.uk;
>                index  index.php index.html index.htm;
>        }
>        location  /imnottelling/*  {
>                root   /var/www/tributes-direct.co.uk;
>                index  index.php index.html index.htm;
>                auth_basic            "Restricted";
>                auth_basic_user_file  /var/www/tributes-direct.co.uk/imnottelling/.htpasswd;
>        }
>
>        #error_page  404  /var/www/err/404.html;
>
>        # redirect server error pages to the static page /50x.html
>        #
>        #error_page   500 502 503 504  /50x.html;
>        #location = /50x.html {
>        #       root   /var/www/err;
>        #}
>
>        location ~ \.php$ {
>                fastcgi_pass   127.0.0.1:9000;
>                fastcgi_index  index.php;
>                fastcgi_param  SCRIPT_FILENAME  /var/www/tributes-direct.co.uk/$fastcgi_script_name;
>                include fastcgi_params;
>        }
>
>        # serve static files directly
>        location ~ .(jpg|jpeg|gif|css|png|js|ico)$ {
>                access_log        off;
>                expires           30d;
>        }
>
>        # protect htaccess
>        location ~ /\. {
>                deny  all;
>        }
> }
>
>
>
> And yep, I know the .htpasswd is in an accessible location ;-)
>
> Thank you for your help.
>
>  Matt
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2667,2667#msg-2667
>
>
>
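
The location-selection behaviour behind this answer, as an added example that is not part of the original message: a simplified Python model of how nginx chooses a location (exact match, then longest prefix, then regexes in configuration order), used to list which probe URIs end up in a block without auth. The configs, probe URIs and function names are constructed for illustration; the prefix path reuses /protectedstuff/ from the reply, and nested locations, rewrites and internal redirects are not modelled.

```python
import re

# Each location: (modifier, pattern, requires_auth). Modifier is one of
# "" (prefix), "=" (exact), "^~" (prefix, skip regexes), "~" / "~*" (regex).
# Constructed configs, modelled on the two PHP blocks discussed above.
ORIGINAL = [
    ("", "/", False),
    ("", "/protectedstuff/", True),      # auth_basic lives only here
    ("~", r"\.php$", False),             # generic PHP handler, no auth
]
FIXED = [
    ("", "/", False),
    ("", "/protectedstuff/", True),
    ("~", r"^/protectedstuff/.*\.php$", True),   # specific handler with auth
    ("~", r"\.php$", False),
]
# Same blocks as FIXED, but the specific regex is declared too late.
MISORDERED = FIXED[:2] + [FIXED[3], FIXED[2]]

def select_location(locations, uri):
    """Return the (modifier, pattern, requires_auth) entry nginx would pick."""
    best_prefix = None
    for loc in locations:
        mod, pat, _ = loc
        if mod == "=" and uri == pat:
            return loc                               # exact match ends the search
        if mod in ("", "^~") and uri.startswith(pat):
            if best_prefix is None or len(pat) > len(best_prefix[1]):
                best_prefix = loc                    # remember the longest prefix
    if best_prefix and best_prefix[0] == "^~":
        return best_prefix                           # ^~ suppresses regex checks
    for loc in locations:                            # regexes: config order, first hit wins
        mod, pat, _ = loc
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pat, uri, flags):
                return loc
    return best_prefix

def unprotected(locations, uris):
    """URIs that would be served by a location without auth_basic."""
    return [u for u in uris if not select_location(locations, u)[2]]

PROBES = ["/protectedstuff/", "/protectedstuff/hello.html",
          "/protectedstuff/anything.php", "/index.php"]

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED), ("misordered", MISORDERED)):
        print(name, "->", unprotected(cfg, PROBES))
```

The MISORDERED case shows that the more specific PHP block only takes effect when it is declared before the generic `\.php$` block, because the first matching regex location wins.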




