securing access to a folder - 404 error
Francis Daly
francis at daoine.org
Tue Mar 19 09:11:26 UTC 2013
On Mon, Mar 18, 2013 at 08:10:47PM -0400, mottwsc wrote:
Hi there,
> I have found that this now
> works as it should to protect the /secure folder when trying to view html
> files, but it does not when viewing php files in the /secure folder (it just
> bypasses authentication and displays the file. I must be missing something
> in the /php block (I guess), but I'm not sure what that would be.
Your "php" block doesn't have any mention of auth_basic, and so basic
authentication does not apply there.
> Any suggestions?
One request is handled in one location. You must have all of the
configuration that you want, available in the one location that handles
a specific request.
The "location" blocks you have are as follows.
> location / {
> location /secure/ {
> location ^~ /munin/ {
> location = /404.html {
> location = /50x.html {
> location ~ \.php$ {
> location ~ /\.ht {
The documentation (http://nginx.org/r/location, for example) should tell
you exactly which location{} is used for each request you make.
What you want is a location for "secure php" -- either "location ~
php" inside "location ^~ /secure/"; or else something like "location ~
^/secure/.*php" in which both auth_basic and fastcgi_pass apply.
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list