securing access to a folder - 404 error
mottwsc
nginx-forum at nginx.us
Tue Mar 19 00:10:47 UTC 2013
I was able to get partway through the problem with some help. The basic
problem was that I had been missing a root directive in one of the location
blocks. I was advised to (and did) move the root statement up to the server
block and comment it out from any sub-blocks. I have found that this now
works as it should to protect the /secure folder when trying to view html
files, but it does not when viewing php files in the /secure folder (it just
bypasses authentication and displays the file). I must be missing something
in the /php block (I guess), but I'm not sure what that would be.
Any suggestions?
Here's the entire nginx config file....
CODE
--------------------------------------------------------------------------------------------------
server {
    listen 80;
    server_name mm201.myserver.com;
    root /var/www/html;
    #charset koi8-r;
    #access_log /var/log/nginx/log/host.access.log main;
    location / {
        # root /var/www/html;
        # this statement allows static content to be served first
        try_files $uri $uri/ /index.php;
        index index.php index.html index.htm;
    }
    # protect the "secure" folder ( /var/www/html/secure )
    location /secure/ {
        # root /var/www/html;
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
        # auth_basic_user_file /var/www/html/secure/.htpasswd;
    }
    # protect the "munin" folder ( /var/www/html/munin ) and subfolders
    location ^~ /munin/ {
        auth_basic "Restricted";
        auth_basic_user_file /var/www/protected/.htpasswd;
    }
    error_page 404 /404.html;
    location = /404.html {
        # root /var/www/html;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        # root /var/www/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        # root /var/www/html;
        try_files $uri =404;
        # the above was inserted to block malicious code uploads, but nginx and
        # the php-fcgi workers must be on the same physical server
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
--------------------------------------------------------------------------------------------------
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237196,237518#msg-237518
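The symptom in the post (html under /secure/ asks for credentials, php does not) matches nginx's location selection order: a plain prefix location such as /secure/ is only a fallback when a regex location also matches, and exactly one location's directives, auth_basic included, apply to a request. The following is an added example, not part of the original post or of nginx itself: a small Python model of that order for the modifiers used in the posted config, where the VARIANT list and the sample URIs are constructed assumptions.

```python
import re

# Locations from the posted server block, in config order: (modifier, pattern).
# "" is a plain prefix, "^~" a prefix that suppresses regex checks,
# "=" an exact match, "~" a case-sensitive regex.
POSTED = [
    ("", "/"),
    ("", "/secure/"),
    ("^~", "/munin/"),
    ("=", "/404.html"),
    ("=", "/50x.html"),
    ("~", r"\.php$"),
    ("~", r"/\.ht"),
]

def select_location(locations, uri):
    """Return the (modifier, pattern) nginx would pick for a request URI."""
    # 1. An exact "=" match wins immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # 2. Remember the longest matching prefix location.
    prefixes = [(m, p) for m, p in locations
                if m in ("", "^~") and uri.startswith(p)]
    best = max(prefixes, key=lambda loc: len(loc[1]), default=None)
    # 3. If that longest prefix is "^~", regex locations are skipped.
    if best and best[0] == "^~":
        return best
    # 4. Otherwise the first regex in config order that matches wins.
    for mod, pat in locations:
        if mod == "~" and re.search(pat, uri):
            return (mod, pat)
    # 5. No regex matched: fall back to the longest prefix.
    return best

# Variant (an assumption, not the poster's config): /secure/ marked "^~".
VARIANT = [("^~", p) if p == "/secure/" else (m, p) for m, p in POSTED]

if __name__ == "__main__":
    # Constructed sample URIs.
    for uri in ("/secure/page.html", "/secure/page.php", "/munin/index.php"):
        print(uri, "->", select_location(POSTED, uri),
              "| variant:", select_location(VARIANT, uri))
```

With `^~` on /secure/, the top-level `location ~ \.php$` no longer applies to those URIs, so PHP under /secure/ executes only if a nested `location ~ \.php$` carrying the fastcgi directives is placed inside that block.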