auth_basic not requiring Authorization

bindsocket nginx-forum at nginx.us
Fri Jul 1 19:58:08 MSD 2011


Having a huge problem with the auth_basic.  Despite putting in the exact
same lines as what I found in many examples, the web server is still
allowing access even without sending any authorization.
Relevent conf bits:

server {
    listen 80;
    server_name  my.servers.name.com;
    log_format fullCombined '$remote_addr - $http_x_forwarded_for
$remote_user [$time_local]  '
                            '"$request" $http_content_length $status
$body_bytes_sent '
                            '"$http_referer" "$http_user_agent"';
    access_log  /var/log/nginx/access.log fullCombined;
    error_log /var/log/nginx/error.log;

    root /var/www/current/pub;

    client_body_buffer_size 1024k;

## Default location
    location / {
        index  index.php;

        auth_basic "Ingester";
        auth_basic_user_file .htpasswd;

        rewrite ^index.php(.*)$ /index.php?/$1 last;
        if (!-f $request_filename) {
                rewrite ^/(.*)$ /index.php?/$1 last;
                break;
        }

    }
## Parse all .php file in the /var/www directory
    location ~ .php$ {
        fastcgi_pass   backend;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_param  QUERY_STRING     $query_string;
        fastcgi_param  REQUEST_METHOD   $request_method;
        fastcgi_param  CONTENT_TYPE     $content_type;
        fastcgi_param  CONTENT_LENGTH   $content_length;
        fastcgi_intercept_errors        on;
        fastcgi_ignore_client_abort     off;
        fastcgi_connect_timeout 60;
        fastcgi_send_timeout 180;
        fastcgi_read_timeout 180;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
    }

## Disable viewing .htaccess & .htpassword
    location ~ /\.ht {
        deny  all;
    }
}

Thanks in advance,
Brian

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,211601,211601#msg-211601




More information about the nginx mailing list