Hi I'm a nginx newbie, but I think I'm experiencing something seriously strange. I'm not sure I can reproduce the steps needed, but the thing is that I ended up nginx downloading protected php files from the site! Step 1. make a normal site with say one php file Step 2. make a auth_basic protected folder on it Step 3. authenticate yourself in Google Chrome (maybe it works in others too) Step 4. now modify the config such that a php file what wasn't protected before is protected now, reload Step 5. now if you load the new php file in Chrome, instead of asking for the authenticate dialog, or parsing the file properly, it downloads it! I mean the pure PHP file with all it's code and plaintext content inside it! I'm not sure that the above steps are the precise steps required to reproduce the bug, but I've repeatedly ended up downloading php files from the server. Closing Chrome and cleaning the cache fixed it. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231253,231253#msg-231253
on 2012-09-30 00:52
on 2012-09-30 01:01
OK, I think my case is much simpler. Having
location = /something.php {
auth_basic "Restricted";
auth_basic_user_file ...;
}
before
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/home/kek/http/private/php.socket;
include fastcgi_params;
try_files $uri =404;
}
Stops at the first step. Is there any way to password protect a single
php
file AND keep parsing it as php? Or should I copy and paste those lines
into
the first one?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,231253,231254#msg-231254
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.