Re: Basic Authentication and PHP files

Maxim Dounin
February 15, 2011 11:52AM
Hello!

On Tue, Feb 15, 2011 at 10:26:29AM -0500, Ellimist wrote:

> I have a configuration block like this :
>
> [code]
> location /members/ {
>     index main.php;
> }
>
> location ~ ^/members/(?:text1|text2|text3)/(?!noinclude)[^\/]+/ {
>     auth_basic "Restricted Area";
>     auth_basic_user_file /home/password/.htpasswd;
>     rewrite ^\/(members\/[^\/]+\/[^\/]+)\/$ /gallery.php?path=$1&page=1
>         last;
>     rewrite ^\/(members\/[^\/]+\/[^\/]+)\/page([0-9]+)\.php$
>         /gallery.php?path=$1&page=$2 last;
> }
>
> location ~ \.php$ {
>     fastcgi_pass 127.0.0.1:9000;
>     fastcgi_index index.php;
>     fastcgi_param SCRIPT_FILENAME
>         $document_root$fastcgi_script_n$
>     include fastcgi_params;
> }
>
> [/code]
>
> The problem is that whenever I go to
> http://mydomain.com/members/text1/anything/ or
> http://mydomain.com/members/text1/anything/pageX.php, it correctly
> displays the redirected page from gallery.php, but it requires
> no authentication. The images and other elements embedded on the page
> from within the directory require authentication, however.

Rewrites are executed before authentication, so you have to switch
on authentication in the location where the request is actually
processed (that is, the rewritten one).

Additionally, /gallery.php is anyway unprotected with your config,
so it's possible to request anything without authentication by
constructing an appropriate URL.

To resolve both issues it would be enough to add a location for
gallery.php with auth_basic, i.e.

    location = /gallery.php {
        auth_basic ...
        fastcgi_pass ...
        ...
    }

Though you may want to rewrite your config to avoid rewrites
altogether to something like

    location /members/ {
        auth_basic ...

        location ~ ^/(?<path>members/[^/]+/[^/]+)/$ {
            fastcgi_pass ...
            fastcgi_param SCRIPT_FILENAME $document_root/gallery.php;
            fastcgi_param QUERY_STRING path=$path&page=1;
            ...
        }

        location ~ ^/(?<path>members/[^/]+/[^/]+)/page(?<page>[0-9]+)\.php$ {
            fastcgi_pass ...
            fastcgi_param SCRIPT_FILENAME $document_root/gallery.php;
            fastcgi_param QUERY_STRING path=$path&page=$page;
            ...
        }
    }

This approach is believed to be much more maintainable than using
rewrites.

Maxim Dounin
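
The following check is an added example, not part of the original message or of nginx itself: it requests the two gallery URL forms from the question, plus the rewrite target /gallery.php directly, without credentials and expects a 401 challenge from each. The base URL argument, the sample path "anything" and "page2.php" are assumptions taken from or constructed after the URLs in the question.

```shell
#!/bin/sh
# Added example: regression check that every route reaching gallery.php
# answers 401 when no credentials are sent.

# http_status URL -> prints the HTTP status of an unauthenticated GET.
http_status() {
    curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# requires_auth URL -> returns 0 if the server demands credentials (401).
requires_auth() {
    [ "$(http_status "$1")" = "401" ]
}

# audit BASE -> checks the pretty URLs and the rewrite target itself,
# prints one line per URL, returns the number of unprotected URLs.
audit() {
    base=$1
    failures=0
    # Constructed sample paths, modelled on the URLs in the question.
    for url_path in \
        "/members/text1/anything/" \
        "/members/text1/anything/page2.php" \
        "/gallery.php?path=members/text1/anything&page=1"
    do
        if requires_auth "$base$url_path"; then
            echo "OK    401 $url_path"
        else
            echo "FAIL  no auth challenge: $url_path"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run only when a base URL is given, e.g.: sh check_auth.sh http://mydomain.com
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

The exit status is the number of URLs that answered without a 401 challenge, so the script can gate a config deployment.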
