Location directive disaster

Hi everyone

I have moved from Apache2 to Nginx. I am finding it difficult working
out what is going on with the location directive. I’ve looked at various
tutorials and blogs but I’m still encountering problems.

Basically I have a new website that I’m hosting off a directory of the
current one. Lets call it /newwebsite. To prevent people getting to it,
I’ve put http-basic authentication around it:

            ## Default Location
            location / {
                    index   index.php       index.html;
            }

            location /newwebsite {
                    index   index.php       index.html;
                    auth_basic              "Unauthorised use

prohibited";
auth_basic_user_file
/home/username/www.website.com/.htpasswd;
}

There’s an admin section as well. I will need http authentication on
this, even when it goes live, to stop people gaining access to the admin
function:

            location /newwebsite/admin {
                    index login.php;
                    auth_basic              "Unauthorised use

prohibited";
auth_basic_user_file
/home/username/www.website.com/.htpasswd;

            }

Of course I have the catch-all for all the php scripts:

            location ~ \.php$ {
                    include /etc/nginx/fastcgi_params;
                    fastcgi_pass    127.0.0.1:9000;
                    fastcgi_index   index.php;
                    fastcgi_param   SCRIPT_FILENAME

$document_root$fastcgi_script_name;
fastcgi_param PATH_INFO
$fastcgi_script_name;
}

So:

When I visit http://domain.com/newsite/admin I get prompted for a http
basic-auth username and password - as expected. This works.

When I visit http://domain.com/newsite/admin/admin.php I am straight in
without http basic-auth. This is not so good…!!

So perhaps I’m doing this all wrong?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,200935,200935#msg-200935

On 26 May 2011 00:57, phil1886 [email protected] wrote:

Hi everyone

Hi.

When I visit http://domain.com/newsite/admin/admin.php I am straight in
without http basic-auth. This is not so good…!!

You have to put a copy of the ~ .php$ location block inside the
protected
location block (nested), otherwise the php block takes precedence and
the
location parser does not match anything else.

I had exactly the same problem: http://forum.nginx.org/read.php?2,189220

Thomas

Thank you!!

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,200935,200942#msg-200942

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs