Troubles with http basic authentication

Hi,

I’m trying to enable basic authentication for a location like this:

location /admin {
auth_basic “Restricted”;
auth_basic_user_file /tmp/.trypass;
index index.php5;
allow 192.168.1.1;
deny all;
}

When I try to connect to this location, if I use:

http://$servername/admin/ and I press Esc two times, nginx give me
out: 401 Authorization Required

If I try to connect to:

http://$servername/admin/index.php5 and I press Esc two times,
nginx allow me the access also if I don’t have insert username and
password.

It’s my mistake or it’s a bug?

Thanks!

Hello!

On Fri, 28 Sep 2007, Matteo N. wrote:

When I try to connect to this location, if I use:
It’s my mistake or it’s a bug?
It’s you mistake. You should understand, that request in nginx processed
according to configuration in most-specific location. So your location
“location /admin/” with authorization turned on won’t influence request
processing at all if you have more specific location to handle you php
scripts.

Authorization works for the first type of request (without index.php5
explicitly specified) because it’s actually processed twice - once to
find
out the new request url (according to index directive in your /admin/
location) and again to handle /admin/index.php5 request.

You should use something like this:

location /admin/ {
auth_basic …
}
location ~ ^/admin/.*.php5$ {
auth_basic …
fastcgi_pass …
}

NB: regex locations are processed in order, so you should specify
“location ~ ^/admin/.*.php5$” before your generic .php5 location.

Maxim D.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs