auth_basic not requiring Authorization

Maxim Dounin mdounin at
Fri Jul 1 20:17:37 MSD 2011


On Fri, Jul 01, 2011 at 11:58:08AM -0400, bindsocket wrote:

> Having a huge problem with the auth_basic.  Despite putting in the exact
> same lines as what I found in many examples, the web server is still
> allowing access even without sending any authorization.
> Relevent conf bits:
> server {
>     listen 80;


> ## Default location
>     location / {
>         index  index.php;
>         auth_basic "Ingester";
>         auth_basic_user_file .htpasswd;

You have auth_basic in your "location /", so everything that ends 
up here will be protected.


> ## Parse all .php file in the /var/www directory
>     location ~ .php$ {
>         fastcgi_pass   backend;

But you don't have auth_basic in "location ~ \.php$" (btw, you 
missed "\" before "."), and anything here won't be protected.

You have to move auth_basic to server{} level to protect 
everything (or add it to all relevant locations if you have some 
which doesn't need protection).

Maxim Dounin

More information about the nginx mailing list