dubstep
February 15, 2011, 4:27pm
1
I have a configuration block like this :
location /members/ {
index main.php;
}
location ~ ^/members/(?:text1|text2|text3)/(?!noinclude)[^\/]+/ {
auth_basic "Restricted Area";
auth_basic_user_file /home/password/.htpasswd;
rewrite ^\/(members\/[^\/]+\/[^\/]+)\/$ /gallery.php?path=$1&page=1
last;
rewrite ^\/(members\/[^\/]+\/[^\/]+)\/page([0-9]+)\.php$
/gallery.php?path=$1&page=$2 last;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_n$
include fastcgi_params;
}
The problem is that whenever I go to
http://mydomain.com/members/text1/anything/ or
http://mydomain.com/members/text1/anything/pageX.php , it correctly
displays the redirected page from gallery.php correctly, but it requires
no authentication. The images and other elements embedded on the page
from within the directory requires authentication, however.
I’m using v0.8.54.
Posted at Nginx Forum:
Hello!
On Tue, Feb 15, 2011 at 10:26:29AM -0500, Ellimist wrote:
rewrite ^\/(members\/[^\/]+\/[^\/]+)\/$ /gallery.php?path=$1&page=1
include fastcgi_params;
}
[/code]
The problem is that whenever I go to
http://mydomain.com/members/text1/anything/ or
http://mydomain.com/members/text1/anything/pageX.php , it correctly
displays the redirected page from gallery.php correctly, but it requires
no authentication. The images and other elements embedded on the page
from within the directory requires authentication, however.
Rewrite are executed before authentication, so you have to switch
on authentication in location where request is actually processed
(that is, rewritten one).
Additionally, /gallery.php is anyway unprotected with your config,
so it’s possible to request anything without authentication by
constructing appropriate url.
To resolve both issues it would be enough to add location for
gallery.php with auth_basic, i.e.
location = /gallery.php {
auth_basic ...
fastcgi_pass ...
...
}
Though you may want to rewrite your config to avoid rewrites
altogether to something like
location /members/ {
auth_basic ...
location ~ ^/(?<path>members/[^/]+/[^/]+)/$ {
fastcgi_pass ...
fastcgi_param SCRIPT_FILENAME $document_root/gallery.php;
fastcgi_param QUERY_STRING path=$path&page=1;
...
}
location ~
^/(?members/[^/]+/[^/]+)/page(?[0-9]+).php$ {
fastcgi_pass …
fastcgi_param SCRIPT_FILENAME $document_root/gallery.php;
fastcgi_param QUERY_STRING path=$path&page=$page;
…
}
}
This aproach is believed to be much more maintainable than using
rewrites.
Maxim D.