Location directive disaster
phil1886
nginx-forum at nginx.us
Thu May 26 02:57:25 MSD 2011
Hi everyone
I have moved from Apache2 to Nginx. I am finding it difficult working
out what is going on with the location directive. I've looked at various
tutorials and blogs but I'm still encountering problems.
Basically I have a new website that I'm hosting off a directory of the
current one. Lets call it /newwebsite. To prevent people getting to it,
I've put http-basic authentication around it:
## Default Location
location / {
index index.php index.html;
}
location /newwebsite {
index index.php index.html;
auth_basic "Unauthorised use
prohibited";
auth_basic_user_file
/home/username/www.website.com/.htpasswd;
}
There's an admin section as well. I will need http authentication on
this, even when it goes live, to stop people gaining access to the admin
function:
location /newwebsite/admin {
index login.php;
auth_basic "Unauthorised use
prohibited";
auth_basic_user_file
/home/username/www.website.com/.htpasswd;
}
Of course I have the catch-all for all the php scripts:
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
fastcgi_param PATH_INFO
$fastcgi_script_name;
}
So:
When I visit http://domain.com/newsite/admin I get prompted for a http
basic-auth username and password - as expected. This works.
When I visit http://domain.com/newsite/admin/admin.php I am straight in
without http basic-auth. This is not so good..!!
So perhaps I'm doing this all wrong?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,200935,200935#msg-200935
More information about the nginx
mailing list