Error pages/Web Authentication

Maxim Dounin mdounin at mdounin.ru
Thu Jun 9 20:17:37 MSD 2011


Hello!

On Thu, Jun 09, 2011 at 10:53:58AM -0400, HTF wrote:

> Hello,
> 
> I would like to ask for some help.
> 
> 1. Does Nginx support SHA encryption for the basic web authentication?
> When I use -s switch with htpasswd command I can't log in. It works with

No.  In 1.0.3+ there are support for {SSHA} (salted/seeded SHA, see 
[1]).  Probably {SHA} should be added two, for compatibility 
reasons.  Though please note that it's notably less secure than 
{SSHA} as it's not salted and hence vulnerable to rainbow table 
attacks.

[1] http://www.openldap.org/faq/data/cache/347.html

> MD5 however it looks like MD5 has some character length limitation as
> only the first eight characters are significant.

By MD5 you mean $apr1$ password scheme, as generated by htpasswd 
-m?  It's supported since 1.0.3 and don't have any length 
limitations.

> 2. I have Joomla install running on Nginx. I enabled SEO URLs with
> rewrite rule:
> - try_files $uri $uri/ /index.php?q=$request_uri;
> I'm facing the following issue:
> Joomla has build in error pages. I've tested and I appended some random
> characters within the URL:
> a) http://mywebsite.com/random - and it shows Joomla error page which is
> fine - same for http://mywebsite.com/index.htm however when I put
> http://mywebsite.com/index.html it shows nginx 404 Not Found error page
> b) When I type any random characters and append a file with php
> extension at the end (http://mywebsite.com/random/index.php) there is a
> blank page.

It looks like you have "location ~ \.html$" and "location ~ 
\.php$" which match (a) and (b) and you don't have any Joomla 
fallback there.  If you want to pass anything non-existant to 
Joomla - make sure to actually pass anything.

Maxim Dounin



More information about the nginx mailing list