htpasswd protection prompts for index.php download

Jim Ohlstein nginx-forum at
Thu Mar 18 03:22:49 MSK 2010

This is the expected behavior. I would guess that your configuration file contains a different location block for handling files with a ".php" extension. In this case nginx will only match one location. See

To avoid serving the index.php file as a text file you can try using nested location blocks. This is an undocumented feature and can have unpredictable results, but in this case I guess it will work OK.

Try something like:

location ~ /srv/www/users/me/(folder1|folder2)/.* {
auth_basic "Restricted";
auth_basic_user_file /srv/www/users/me/folder1/.htpasswd;
location ~\.php {
fastcgi_pass;  # substitute here with appropriate PHP backend address or proxy_pass statement and parameters.

Posted at Nginx Forum:,65055,65059#msg-65059

More information about the nginx mailing list