Restricting access to a folder
Posted by jrewi
|
Restricting access to a folder March 12, 2015 11:25AM |
Registered: 9 years ago Posts: 1 |
My understanding is that
location /admin {
auth_basic "Administrator Login";
auth_basic_user_file /path/to/.htpasswd
}
with .htpasswd created via htpasswd -c ... and the path to it being absolute should protect access to the /admin folder and everything within it. What I find, is that when I browse to
http://example.com/admin I am prompted for the admin password. However, if I browse to http://example.com/readme.txt Nginx happily shows me the contents of readme.txt. I am using Nginx 1.6.2 on Ubuntu 14.10 x64. Is this a bug or have I got my understanding of Nginx wrong? I'd much appreciate any help.
location /admin {
auth_basic "Administrator Login";
auth_basic_user_file /path/to/.htpasswd
}
with .htpasswd created via htpasswd -c ... and the path to it being absolute should protect access to the /admin folder and everything within it. What I find, is that when I browse to
http://example.com/admin I am prompted for the admin password. However, if I browse to http://example.com/readme.txt Nginx happily shows me the contents of readme.txt. I am using Nginx 1.6.2 on Ubuntu 14.10 x64. Is this a bug or have I got my understanding of Nginx wrong? I'd much appreciate any help.
|
Re: Restricting access to a folder March 19, 2015 04:59PM |
Registered: 13 years ago Posts: 11 |
I had this issue as well, and the solution is to make sure your "allow / deny / auth" configuration block(s) always sit -above- your PHP & Static file configuration.
location ~* /admin {
auth_basic "Administrator Login";
auth_basic_user_file /path/to/.htpasswd
}
# Pass off php requests to Apache
location ~* \.php {
try_files $uri =404;
include /nginx/proxypass.conf;
proxy_pass http://127.0.0.1:80;
}
# Serve static files directly from nginx
location ~* \.(?:jpg|jpeg|gif|png|bmp|ico|pdf|flv|swf|exe|html|htm|txt|css|js)$ {
expires 365d;
etag on;
}
Edited 1 time(s). Last edit at 03/19/2015 05:00PM by Mayhem30.
location ~* /admin {
auth_basic "Administrator Login";
auth_basic_user_file /path/to/.htpasswd
}
# Pass off php requests to Apache
location ~* \.php {
try_files $uri =404;
include /nginx/proxypass.conf;
proxy_pass http://127.0.0.1:80;
}
# Serve static files directly from nginx
location ~* \.(?:jpg|jpeg|gif|png|bmp|ico|pdf|flv|swf|exe|html|htm|txt|css|js)$ {
expires 365d;
etag on;
}
Edited 1 time(s). Last edit at 03/19/2015 05:00PM by Mayhem30.
|
Re: Restricting access to a folder March 10, 2016 06:01AM |
Registered: 8 years ago Posts: 2 |
We have the same problem but in conjunction with ssl. Here is my config.
Any help is appreciated. I restarted several times. Where exactly should I Paste
The authentication part?
[quote]
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server {
location /geheim1 {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/pma_pass;
}
### To listen port on HTTPS/ port 443
listen 443 ssl;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
ssl_certificate /etc/nginx/sslcerts/ghost.crt;
ssl_certificate_key /etc/nginx/sslcerts/ghost.key;
location / {
root /etc/nginx/html;
index index.html index.htm;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
[/quote]
Any help is appreciated. I restarted several times. Where exactly should I Paste
The authentication part?
[quote]
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}
server {
location /geheim1 {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/pma_pass;
}
### To listen port on HTTPS/ port 443
listen 443 ssl;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
ssl_certificate /etc/nginx/sslcerts/ghost.crt;
ssl_certificate_key /etc/nginx/sslcerts/ghost.key;
location / {
root /etc/nginx/html;
index index.html index.htm;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
[/quote]
|
Re: Restricting access to a folder March 10, 2016 06:25AM |
Admin Registered: 11 years ago Posts: 1,297 |
diapason Wrote:
-------------------------------------------------------
> We have the same problem but in conjunction with ssl. Here is my
> config.
> Any help is appreciated. I restarted several times. Where exactly
> should I Paste
> The authentication part?
In each location block where you want to use it.
---
nginx for Windows http://nginx-win.ecsds.eu/
-------------------------------------------------------
> We have the same problem but in conjunction with ssl. Here is my
> config.
> Any help is appreciated. I restarted several times. Where exactly
> should I Paste
> The authentication part?
In each location block where you want to use it.
---
nginx for Windows http://nginx-win.ecsds.eu/
|
Re: Restricting access to a folder March 10, 2016 07:37AM |
Registered: 8 years ago Posts: 2 |
Sorry, only registered users may post in this forum.
Online Users
Guests:
311
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|