Htpasswd protection prompts for index.php download

I could not find the information on the web or in the wiki, so I try
this list. I am the user of a free hosting service using nginx. So I
cannot acces or edit conf files myself, but I can ask the admin and he
will do it for me.

Basically, I want to protect whole folders. I think that I have managed
to do that by asking the admin to add these lines to the nginx.conf
file:

Password Protect important Directories

location ~ /srv/www/users/me/(folder1|folder2)/.* {
auth_basic “Restricted”;
auth_basic_user_file /srv/www/users/me/folder1/.htpasswd;
}

This does protect all files in folder1 and folder2. However, after
entering the password, instead of seeing the index.php file display the
page on screen, my browser pops up this download dialogue:

http://img706.imageshack.us/img706/938/ss20100318005424.jpg

How can I avoid this behavior?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,65055,65055#msg-65055

On Thu, Mar 18, 2010 at 7:01 AM, ppnx [email protected] wrote:

I could not find the information on the web or in the wiki, so I try this list. I am the user of a free hosting service using nginx. So I cannot acces or edit conf files myself, but I can ask the admin and he will do it for me.

Basically, I want to protect whole folders. I think that I have managed to do that by asking the admin to add these lines to the nginx.conf file:

Password Protect important Directories

location ~ /srv/www/users/me/(folder1|folder2)/.* {
auth_basic “Restricted”;
auth_basic_user_file /srv/www/users/me/folder1/.htpasswd;
}

location ~ /srv/www/users/me/(folder1|folder2)/.*.php$ {
auth_basic “Restricted”;
auth_basic_user_file /srv/www/users/me/folder1/.htpasswd;
fastcgi_pass …;

}


O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

This is the expected behavior. I would guess that your configuration
file contains a different location block for handling files with a
“.php” extension. In this case nginx will only match one location. See
http://wiki.nginx.org/NginxHttpCoreModule#location.

To avoid serving the index.php file as a text file you can try using
nested location blocks. This is an undocumented feature and can have
unpredictable results, but in this case I guess it will work OK.

Try something like:

location ~ /srv/www/users/me/(folder1|folder2)/.* {
auth_basic “Restricted”;
auth_basic_user_file /srv/www/users/me/folder1/.htpasswd;
location ~.php {
fastcgi_pass 127.0.0.1:9000; # substitute here with appropriate PHP
backend address or proxy_pass statement and parameters.

}
}

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,65055,65059#msg-65059

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs