Disable auth_basic for unique (set of) URL

B.R. reallfqq-nginx at yahoo.fr
Sat Dec 29 19:48:16 UTC 2012


Thanks Francis for your insights. Your message has been a great help.

Despite what you said, I don't have any cache configured yet (low-traffic
server) and the configuration I use requests authentification for all .php
file but the 'thisfile.php'. On the other hand, the browser I use doesn't
store any cache either.
I'd like more than theory on that particular point...
I'm not a pro of cURL, never have been... I'm encountering some errors I am
having a hard time understanding.

You are right about that include usage. I havent' eventhought about it. How
stupid I can be sometimes.

I'll also follow your good advice on separating config/invocation of
FastCGI and I'll clean up the 'global' inclusion.

What I didn't understand about the error is that placing a '~ \.php'
catch-all PHP reges inside 'location = /thisfile.php' isn't allowed but is
allowed inside 'location /thisfile.php'... Which is not more generic than
the previous one.
Tell me how many PHP files will match each one of the 'location' clauses.
I was excepting the same behavior regarding both those locations, either
both generating an error or both silent... Which is not the case.

I'll consider the first 2 of your last 3 lines as a lack of understanding
of the problem I was pointing at. *That* could have been insulting
In my opinion.

---
*B. R.*


On Sat, Dec 29, 2012 at 12:34 PM, Francis Daly <francis at daoine.org> wrote:

> On Thu, Dec 27, 2012 at 09:57:16AM -0500, B.R. wrote:
>
> Hi there,
>
> http://nginx.org/en/docs/http/request_processing.html is probably useful
> to read.
>
> nginx has that one request is handled in one location. Having learned
> those rules, I find nginx.conf (relatively) easy to read.
>
> > I then tried to solve my problem with:
> >
> > location /thisfile.php {
> >     auth_basic off;
> >
> > # Start of *exact* copy
> >     location ~ \.php$ {
> >         FastCGI stuff here...
> >     }
> > # End of *exact* copy
> > }
> >
> > location ~ \.php$ {
> >     FastCGI stuff here...
> > }
> >
> > I don't like this solution because it makes me copying my FastCGI work.
>
> I don't have a problem with copying the FastCGI stuff. I'd probably just
> use "include my-fastcgi-config" in two places and not worry about it.
>
> I don't like the solution above because it doesn't do what you want. It
> will ask for authentication when you request /thisfile.php.
>
> > What if one day I am to modify it? I'll probably forget there are 2
> places
> > to check...
>
> Either use an aid to remember, or don't repeat the things that are
> common to multiple places in the config file. You can use the nginx
> "include" directive; or you can use whatever macro processor you prefer
> to generated nginx.conf.
>
> > But it seems to work.
>
> Test again. Use "curl" -- it doesn't tend to use a cache or hide things
> from you.
>
> > Any better idea?
>
>   location = /thisfile.php {
>     auth_basic off;
>     include my-fastcgi-config;
>   }
>   location ~ \.php$ {
>     include my-fastcgi-config;
>   }
>
> But really I'd probably try to avoid the top-level regex location. And,
> depending on what else is involved, I might just "include fastcgi.conf"
> once at server level, and then "fastcgi_pass" in the locations where I
> want the request to be handled by the fastcgi server.
>
> > Another point:
> > If I set 'location = /thisfile.php' rather than 'location /thisfile.php',
> > Nginx insults me with 'nginx: [emerg] location "\.php$" cannot be inside
> > the exact location "/thisfile.php"' again. Bug or feature?
>
> That nginx reports a dubious config? Feature.
>
> That you consider it an insult? Bug.
>
> In my opinion.
>
>         f
> --
> Francis Daly        francis at daoine.org
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20121229/5269e258/attachment.html>


More information about the nginx mailing list