Error pages/Web Authentication
Maxim Dounin
mdounin at mdounin.ru
Thu Jun 9 20:17:37 MSD 2011
Hello!
On Thu, Jun 09, 2011 at 10:53:58AM -0400, HTF wrote:
> Hello,
>
> I would like to ask for some help.
>
> 1. Does Nginx support SHA encryption for the basic web authentication?
> When I use -s switch with htpasswd command I can't log in. It works with
No. In 1.0.3+ there is support for {SSHA} (salted/seeded SHA, see
[1]). Probably {SHA} should be added too, for compatibility
reasons. Though please note that it's notably less secure than
{SSHA} as it's not salted and hence vulnerable to rainbow table
attacks.
[1] http://www.openldap.org/faq/data/cache/347.html
> MD5 however it looks like MD5 has some character length limitation as
> only the first eight characters are significant.
By MD5 you mean $apr1$ password scheme, as generated by htpasswd
-m? It's supported since 1.0.3 and doesn't have any length
limitations.
> 2. I have Joomla install running on Nginx. I enabled SEO URLs with
> rewrite rule:
> - try_files $uri $uri/ /index.php?q=$request_uri;
> I'm facing the following issue:
> Joomla has built-in error pages. I've tested and I appended some random
> characters within the URL:
> a) http://mywebsite.com/random - and it shows Joomla error page which is
> fine - same for http://mywebsite.com/index.htm however when I put
> http://mywebsite.com/index.html it shows nginx 404 Not Found error page
> b) When I type any random characters and append a file with php
> extension at the end (http://mywebsite.com/random/index.php) there is a
> blank page.
It looks like you have "location ~ \.html$" and "location ~
\.php$" which match (a) and (b) and you don't have any Joomla
fallback there. If you want to pass anything non-existent to
Joomla - make sure to actually pass anything.
Maxim Dounin
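
The difference between {SHA} and {SSHA} discussed above, as an added example that is not part of the original post or of nginx's code: it builds and verifies both formats as described in the OpenLDAP FAQ [1] and audits a password file for identical stored hashes. Function names and the sample users and passwords are constructed for illustration.

```python
import base64, hashlib, hmac, os

def make_sha(password):
    # {SHA}: base64(SHA1(password)); no salt, as produced by `htpasswd -s`
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def make_ssha(password, salt=None):
    # {SSHA}: base64(SHA1(password + salt) + salt); salt is random per entry
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify(password, stored):
    # Accept only {SHA} and {SSHA}; malformed or unknown entries fail closed.
    for prefix in ("{SSHA}", "{SHA}"):
        if stored.startswith(prefix):
            break
    else:
        return False
    try:
        raw = base64.b64decode(stored[len(prefix):], validate=True)
    except ValueError:
        return False
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    # {SSHA} must carry a salt, {SHA} must not carry trailing bytes
    if len(digest) != 20 or (prefix == "{SSHA}") != bool(salt):
        return False
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def reused_hashes(htpasswd_text):
    # Group users by stored hash; a group of 2+ exposes a shared password.
    groups = {}
    for line in htpasswd_text.splitlines():
        user, sep, stored = line.strip().partition(":")
        if sep:
            groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample: alice and bob picked the same password.
USERS = [("alice", "password"), ("bob", "password"), ("carol", "other")]
SHA_FILE = "\n".join(f"{u}:{make_sha(p)}" for u, p in USERS)
SSHA_FILE = "\n".join(f"{u}:{make_ssha(p)}" for u, p in USERS)

if __name__ == "__main__":
    print("identical {SHA} entries: ", reused_hashes(SHA_FILE))
    print("identical {SSHA} entries:", reused_hashes(SSHA_FILE))
```

With {SHA}, equal passwords always give equal entries, which is what makes precomputed tables effective; the per-entry salt in {SSHA} removes that property.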