Welcome! Log In Create A New Profile

Advanced

authenticated session downloads auth_basic protected php files

September 29, 2012 06:52PM
Hi I'm a nginx newbie, but I think I'm experiencing something seriously strange. I'm not sure I can reproduce the steps needed, but the thing is that I ended up nginx downloading protected php files from the site!

Step 1. make a normal site with say one php file
Step 2. make a auth_basic protected folder on it
Step 3. authenticate yourself in Google Chrome (maybe it works in others too)
Step 4. now modify the config such that a php file what wasn't protected before is protected now, reload
Step 5. now if you load the new php file in Chrome, instead of asking for the authenticate dialog, or parsing the file properly, it downloads it! I mean the pure PHP file with all it's code and plaintext content inside it!

I'm not sure that the above steps are the precise steps required to reproduce the bug, but I've repeatedly ended up downloading php files from the server. Closing Chrome and cleaning the cache fixed it.
SubjectAuthorPosted

authenticated session downloads auth_basic protected php files

zseroSeptember 29, 2012 06:52PM

Re: authenticated session downloads auth_basic protected php files

zseroSeptember 29, 2012 07:00PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 62
Record Number of Users: 7 on March 06, 2014
Record Number of Guests: 229 on August 01, 2014
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready