Error pages/Web Authentication

Maxim Dounin mdounin at mdounin.ru
Sat Jun 11 14:29:11 MSD 2011


Hello!

On Sat, Jun 11, 2011 at 04:55:28AM -0400, HTF wrote:

> Hello,
> 
> I still have some issue with this configuration. I restricted access to
> admin back end:
> 
> location /administrator {
> auth_basic "Authorized Access Only!";
> auth_basic_user_file .userdb;
> }
> 
> - however when I add index.php file to the URl
> (mydomain.com/administrator/index.php) the nginx just allow me to access
> this part of the website without authentication.
> I modified above configuration to:
> 
> location ^~ /administrator {
> auth_basic "Authorized Access Only!";
> auth_basic_user_file .userdb;
> }
> 
> - then even if I append index.php it's still ask me for login
> credentials but when I logged in the web browser is trying to download a
> file instead of opening the website.
> 
> Can someone point me to the right direction please as this problem
> persist even with the nginx default config files/configuration examples.

nginx uses only *one* configuration to process request, please see 
here:

http://wiki.nginx.org/HttpCoreModule#location

If you want /administrator to be protected, but still want php 
processed there, you have to define two locations for this: one 
for protected static files and one for protected php files.

Using nested location simple config will look like:

    location ^~ /administrator {
        auth_basic ...
        ...

        location ~ \.php$ {
            fastcgi_pass ...
            ...
        }
    }

Maxim Dounin



More information about the nginx mailing list