Protect a specific php file

voidandany nginx-forum at nginx.us
Thu Jan 12 16:21:40 UTC 2012


Hello, 

On my server I have a php app in a subfolder of my root, so basically
I've made the following nginx configuration : 


server {
        listen       80;
        server_name  www.domain.fr;
        root         /var/www/domain.fr;
        access_log      /var/log/nginx/access.log ;
        location /myapp {
                location ~ \.php$ {
                        include         /etc/nginx/fastcgi_params;
                        fastcgi_param   SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
                        fastcgi_pass    127.0.0.1:9000;
                }
        }
}

And it's work now in this app I want to protect the index.php file and
only this one, so I try this : 


        location /myapp {
                location ^~ /myapp/index.php {
                        auth_basic            "Private Section";
                        auth_basic_user_file  $document_root/.htpasswd;
                        location ~ \.php$ {
                                include        
/etc/nginx/fastcgi_params;
                                fastcgi_param   SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
                                fastcgi_pass    127.0.0.1:9000;
                        }
                }
                location ~ \.php$ {
                        include         /etc/nginx/fastcgi_params;
                        fastcgi_param   SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
                        fastcgi_pass    127.0.0.1:9000;
                }
        }

I had to duplicate the php location, is there an another way ?

It work with IE8 but not with Chrome !!

With Chrome the complete URL (http://www.domain.fr/myapp/index.php) is
correctly protected but not this one http://www.domain.fr/myapp/
In this case the php file is downloaded...

Any idea why ? Any solution ?

Thanks a lot

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,221094,221094#msg-221094



More information about the nginx mailing list