Location recursive downloads php files

I try to secure a specific folder and all files and subfolders with this
location block:

location ^~ /folder1/admin {
    auth_basic  "Login";
    auth_basic_user_file

/var/www/domain.tld/www/folder1/admin/.htpasswd;
}

With this code nginx offers always to download the php files.

With this code everything works as expected except that files and
subfolders
are not secured:

location /folder1/admin {
    auth_basic  "Login";
    auth_basic_user_file

/var/www/domain.tld/www/folder1/admin/.htpasswd;
}

Why is that and how can I fix the problem from the first block?

Thanks.

Posted at Nginx Forum:

On Sat, Jul 20, 2013 at 05:01:39PM -0400, Peleke wrote:

Hi there,

With this code everything works as expected except that files and subfolders
are not secured:

location /folder1/admin {
    auth_basic  "Login";
    auth_basic_user_file

/var/www/domain.tld/www/folder1/admin/.htpasswd;
}

Why is that and how can I fix the problem from the first block?

In nginx, one request is handled in one location.

http://nginx.org/r/location describes the rules, so that you can know
which one location will be used for a particular request.

In the above location{} blocks, you give no indication of what nginx
should do with the request, so it uses its default of “serve it from
the filesystem”.

The difference between your two observations is that in the first case,
the location{} block is used for the request that you made; and in the
second case, the location{} block is not used.

To fix your configuration, you must put all of the configuration that
you want to apply to a request, in the one location{} that handles
that request.

f

Francis D. [email protected]

Okay, it works if I add this:

location ^~ /folder1/admin {
    auth_basic  "Login";
    auth_basic_user_file

/var/www/domain.tld/www/folder1/admin/.htpasswd;
location ~ .php$ {
#limit_req zone=limit burst=5 nodelay;
try_files $uri =404;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_intercept_errors off;
fastcgi_read_timeout 120;
fastcgi_buffers 256 4k;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}

##
# Pass PHP-Files To Socket
##

location ~ \.php$ {
    #limit_req zone=limit burst=5 nodelay;
    try_files $uri =404;
    #fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_intercept_errors off;
    fastcgi_read_timeout 120;
    fastcgi_buffers 256 4k;
    fastcgi_param SCRIPT_FILENAME 

$document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}

But that is redundancy and can be complicated if you have many of those
entries and then want to change a .php setting (you have to do it
multiple
times).
Isn’t it possible to make it simpler?

Posted at Nginx Forum:

On Sun, Jul 21, 2013 at 01:08:18PM -0400, Peleke wrote:

Hi there,

Okay, it works if I add this:

location ^~ /folder1/admin {
> location ~ \.php$ { > } > }
location ~ \.php$ {
> }

But that is redundancy and can be complicated if you have many of those
entries and then want to change a .php setting (you have to do it multiple
times).
Isn’t it possible to make it simpler?

Yes.

Either use an external-to-nginx thing to create the complicated config
file from less complicated parts; or put the repeated parts in a file
and
“include” it.

http://nginx.org/r/include

f

Francis D. [email protected]