How do you password protect all files within a folder, and not just the folder itself?

ie: mydomain.com/admincp is protected, but if somebody goes directly to mydomain.com/admincp/index.php they can access it.

Can you tell me how I can protect all files within the folder as well?

Thank you.

Please post your complete config file(s).

--
Jim Ohlstein

I'm actually asking, because my host is trying to tell me that it's not possible in Nginx. I had a hard time believing that, so that's why I am here.

I don't really know how or what they are trying, but apparently they can't figure it out.

Can you give me the code that would allow it to password protect not only the folder, but the contents inside the folder as well?

Or Nginx manual page that would let them know that it certainly is possible.

I really don't like having to do the work that they are being paid for.

Thanks for any info you can give!

It really depends on the situation.

Most of the time I've seen this issue arise is because the configuration file is improperly set up and the URI is being captured by another location block. In this case, it likely would be the "php" location block. The configuration file needs to be set up so that *all* files in the protected directory are captured by the location to be protected.

Something like:

[code]
location ^~ /protected-directory/ {
...
location ~ \.php$ {
... # fastcgi_pass or proxy_pass statements
}
}

location ~ \.php$ {
... # fastcgi_pass or proxy_pass statements
}
[/code]

In this case anything that matched the "^~" is processed in that location block, before any regular expressions are evaluated. The nested location, though not well documented, should function properly in this case. It's used so that any php scripts within the protected directory or any of it's subdirectories are processed properly.

See http://wiki.nginx.org/NginxHttpCoreModule#location for information on location blocks.

--
Jim Ohlstein