Can auth_basic restrict files in certain folder?

Server NGINX
#1

Hi, all

I have some problem with my nginx
I just could not restrict files in certain floder, as follows, i put the
settings to nginx.conf

location ~ ^/restrict/
{
  auth_basic             "STATISTIC";
  auth_basic_user_file   /usr/local/nginx/conf/pwfornginx
}

the folder /restrict/ is restricted perfect, however, files in the
folder can still be accessed,
/restrict/somefile.php

What’s the matter? any ideas?

Thanks in advance.

Regards,

gavin

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,68890,68890#msg-68890

#2

Hi Gavin,

the folder /restrict/ is restricted perfect, however, files in the folder can still be accessed,
/restrict/somefile.php

What’s the matter? any ideas?

The problem is you somewhat have to rethink how NginX process the
request. read here for more details
http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration
but to sum it up you probably have a something like
location ~ .*.php${
}
in your config which actually handles the /restrict/somefile.php instead
of
location ~ ^/restrict/ { }
there is two ways to remidy this. you can do something like

location ~ ^/restrict/.*.php$ {
#rest of auth config
}

or you can do sub-locations note this is the only instance that i have
read where it is safe to do nested locations. YMMV

location ~ ^/restrict/
{
auth_basic “STATISTIC”;
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
location ~ .*.php$ {
#include your php config for processing ie proxy_pass or
fastcgi_pass
}
}

v/r,
Rob

#3

Rob S. Wrote:

 auth_basic_user_file

location ~ ^/restrict/ { }

v/r,
Rob

nginx mailing list
[email protected]
http://nginx.org/mailman/listinfo/nginx

Hi, Rob

Great thanks for your quick reply. I have tried your suggestion out, and
add the following config:

location ~ ^/restrict/
{
  auth_basic             "STATISTIC";
  auth_basic_user_file   /usr/local/nginx/conf/pwfornginx
}
location ~ ^/restrict/.*\.php$
{
  auth_basic             "STATISTIC";
  auth_basic_user_file   /usr/local/nginx/conf/pwfornginx
}

However, it is still not working. No authorization is required when I
try to get access to a certain page in the restricted folder.

V/R,

gavin

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,68890,68944#msg-68944

#4

BTW, I should read tips in
http://nginx.org/en/docs/http/request_processing.html#simple_php_site_configuration
first.

Thanks again. :slight_smile:

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,68890,68929#msg-68929

#5

Hi, Rob

Great thanks for your quick reply. I have tried your suggestion out, and
add the following config:
location ~ ^/restrict/
{
auth_basic “STATISTIC”;
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}
location ~ ^/restrict/.*.php$
{
auth_basic “STATISTIC”;
auth_basic_user_file /usr/local/nginx/conf/pwfornginx
}

However, it is still not working. No authorization is required when I
try to get access to a certain page in the restricted folder.

V/R,

gavin

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,68890,68928#msg-68928

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs