auth_basic not requiring Authorization
Maxim Dounin
mdounin at mdounin.ru
Fri Jul 1 20:17:37 MSD 2011
Hello!
On Fri, Jul 01, 2011 at 11:58:08AM -0400, bindsocket wrote:
> Having a huge problem with the auth_basic. Despite putting in the exact
> same lines as what I found in many examples, the web server is still
> allowing access even without sending any authorization.
> Relevent conf bits:
>
> server {
> listen 80;
[...]
> ## Default location
> location / {
> index index.php;
>
> auth_basic "Ingester";
> auth_basic_user_file .htpasswd;
You have auth_basic in your "location /", so everything that ends
up here will be protected.
[...]
> ## Parse all .php file in the /var/www directory
> location ~ .php$ {
> fastcgi_pass backend;
But you don't have auth_basic in "location ~ \.php$" (btw, you
missed "\" before "."), and anything here won't be protected.
You have to move auth_basic to server{} level to protect
everything (or add it to all relevant locations if you have some
which doesn't need protection).
Maxim Dounin
More information about the nginx
mailing list