The new regex matching stuff rocks... except it's missing one thing

mike mike503 at gmail.com
Thu Mar 12 01:43:15 MSK 2009


i have a deny on .htpasswd already, so it won't allow that either way.


On Wed, Mar 11, 2009 at 3:30 PM, Ian Hobson <ian at ianhobson.co.uk> wrote:
> mike wrote:
>>
>> The auth stuff doesn't support it.
>>
>> Any ideas on how to support dynamically populating the
>> auth_basic_user_file? Is this a quick and dirty thing? That'd be
>> awesome if it was.
>>
>>               location ~* ^/foo/private/(.*) {
>>                       alias /home/foo/web/private/$1/;
>>                       auth_basic "Restricted files";
>>                       auth_basic_user_file
>> /home/foo/web/private/$1/.htpasswd;
>>               }
>>
>>
>> 2009/03/11 16:16:39 [crit] 14097#0: *11 open()
>> "/home/foo/web/private/$1/.htpasswd" failed (2: No such file or
>> directory), client: 1.2.3.4, server: foo.com, request: "GET
>> /foo/private/demo-video/ HTTP/1.1", host: "foo.com"
>>
>
> I would have thought a new param, to list the users who were permitted to
> authenticate would be more flexible. That way, you have one password file,
> and only one password to change for a user who has access to multiple areas.
>
> permit_user <list>;   and deny_user <list>;   perhaps.
>
> And why risk having your password file in your web tree?
>
> Regards
>
> Ian
>
>





More information about the nginx mailing list