Error pages/Web Authentication
Maxim Dounin
mdounin at mdounin.ru
Sat Jun 11 14:29:11 MSD 2011
Hello!
On Sat, Jun 11, 2011 at 04:55:28AM -0400, HTF wrote:
> Hello,
>
> I still have some issue with this configuration. I restricted access to
> admin back end:
>
> location /administrator {
> auth_basic "Authorized Access Only!";
> auth_basic_user_file .userdb;
> }
>
> - however when I add index.php file to the URl
> (mydomain.com/administrator/index.php) the nginx just allow me to access
> this part of the website without authentication.
> I modified above configuration to:
>
> location ^~ /administrator {
> auth_basic "Authorized Access Only!";
> auth_basic_user_file .userdb;
> }
>
> - then even if I append index.php it's still ask me for login
> credentials but when I logged in the web browser is trying to download a
> file instead of opening the website.
>
> Can someone point me to the right direction please as this problem
> persist even with the nginx default config files/configuration examples.
nginx uses only *one* configuration to process request, please see
here:
http://wiki.nginx.org/HttpCoreModule#location
If you want /administrator to be protected, but still want php
processed there, you have to define two locations for this: one
for protected static files and one for protected php files.
Using nested location simple config will look like:
location ^~ /administrator {
auth_basic ...
...
location ~ \.php$ {
fastcgi_pass ...
...
}
}
Maxim Dounin
More information about the nginx
mailing list