Welcome! Log In Create A New Profile

Advanced

Re: securing access to a folder - 404 error

Previous Message Next Message
Forum List Message List New Topic Print View
mottwsc
March 18, 2013 08:10PM
I was able to get partway through the problem with some help. The basic problem was that I had been missing a root directive in one of the location blocks. I was advised to (and did) move the root statement up to the server block and comment it out from any sub-blocks. I have found that this now works as it should to protect the /secure folder when trying to view html files, but it does not when viewing php files in the /secure folder (it just bypasses authentication and displays the file. I must be missing something in the /php block (I guess), but I'm not sure what that would be.

Any suggestions?

Here's the entire nginx config file....

CODE --------------------------------------------------------------------------------------------------
server {
listen 80;
server_name mm201.myserver.com;

root /var/www/html;

#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;

location / {
# root /var/www/html;
# this statement allows static content to be served first
try_files $uri $uri/ /index.php

index index.php index.html index.htm;
}

# protect the "secure" folder ( /var/www/html/secure )
location /secure/ {
# root /var/www/html;
auth_basic "Restricted";
auth_basic_user_file /var/www/protected/.htpasswd;
# auth_basic_user_file /var/www/html/secure/.htpasswd;
}

# protect the "munin" folder ( /var/www/html/munin ) and subfolders
location ^~ /munin/ {
auth_basic "Restricted";
auth_basic_user_file /var/www/protected/.htpasswd;
}

error_page 404 /404.html;
location = /404.html {
# root /var/www/html;
}

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
# root /var/www/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
# root /var/www/html;
try_files $uri =404;
# the above was inserted to block malicious code uploads, but nginx and
# the php-fcgi workers must be on the same physical server

fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}
--------------------------------------------------------------------------------------------------
Reply Quote
RSS
Subject Author Posted

securing access to a folder - 404 error

mottwsc March 10, 2013 04:07PM

Re: securing access to a folder - 404 error

Francis Daly March 18, 2013 05:52PM

Re: securing access to a folder - 404 error

mottwsc March 18, 2013 08:10PM

Re: securing access to a folder - 404 error

Francis Daly March 19, 2013 05:12AM

SOLVED: securing access to a folder - 404 error

mottwsc April 04, 2013 08:54AM

Re: SOLVED: securing access to a folder - 404 error

Shohreh November 21, 2013 09:39AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 294
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready