Can auth_basic restrict files in certain folder?
WisdomFusion
nginx-forum at nginx.us
Mon Mar 29 11:08:31 MSD 2010
Rob Schultz Wrote:
-------------------------------------------------------
> Hi Gavin,
>
> > I have some problem with my nginx
> > I just could not restrict files in certain
> floder, as follows, i put the settings to
> nginx.conf
> >
> > location ~ ^/restrict/
> > {
> > auth_basic "STATISTIC";
> > auth_basic_user_file
> /usr/local/nginx/conf/pwfornginx
> > }
> >
> >
> > the folder /restrict/ is restricted perfect,
> however, files in the folder can still be
> accessed,
> > /restrict/somefile.php
> >
> > What's the matter? any ideas?
>
> The problem is you somewhat have to rethink how
> NginX process the request. read here for more
> details
> http://nginx.org/en/docs/http/request_processing.h
> tml#simple_php_site_configuration but to sum it up
> you probably have a something like
> location ~ .*\.php${
> }
> in your config which actually handles the
> /restrict/somefile.php instead of
> location ~ ^/restrict/ { }
> there is two ways to remidy this. you can do
> something like
>
> location ~ ^/restrict/.*\.php$ {
> #rest of auth config
> }
>
> or you can do sub-locations *note* this is the
> only instance that i have read where it is safe to
> do nested locations. YMMV
>
> location ~ ^/restrict/
> {
> auth_basic "STATISTIC";
> auth_basic_user_file
> /usr/local/nginx/conf/pwfornginx
> location ~ .*\.php$ {
> #include your php config for processing ie
> proxy_pass or fastcgi_pass
> }
> }
>
> v/r,
> Rob
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
Hi, Rob
Great thanks for your quick reply. I have tried your suggestion out, and add the following config:
location ~ ^/restrict/
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}
location ~ ^/restrict/.*\.php$
{
auth_basic "STATISTIC";
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}
However, it is still not working. No authorization is required when I try to get access to a certain page in the restricted folder.
V/R,
gavin
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,68890,68944#msg-68944
More information about the nginx
mailing list